Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

During a recent penetration test, Trustwave SpiderLabs researchers discovered a weak input validation vulnerability in the CrushFTP application which caused the deletion of all users. CrushFTP is a secure high- speed file transfer server that runs on almost any OS. It handles a wide array of protocols, and security options. CrushFTP stores details of registered users within the filesystem in the users/MainUsers directory.

Read also: Financial firm ION hit with a cyber-attack, Hive ransomware disrupted in a global cyber operation, and more.

We’re excited to announce a new product enhancement to AppTrana called “Global Actions”. This feature allows users to whitelist/ blacklist IPs, IP Ranges, and Countries across all sites. Before we delve into the feature and its advantages for AppTrana users, let’s understand what whitelisting and blacklisting pertaining to IPs/ Countries are and how they can be executed seamlessly using AppTrana.

In this article, we examine the impact of a shared responsibility model on end-user security administration in managed Kubernetes environments. We also explore typical difficulties and effective methods for securing these environments.

TL;DR: There is a common belief that when it comes to uncovering bugs in the DevSecOps cycle, catching things early on is often better. While this approach certainly works well for Software Composition Analysis (SCA) and Static Application Security Testing (SAST), it doesn’t really apply to Dynamic Application Security Testing (DAST) in modern environments.

Hive has been seized by law enforcement, but were likely to still see these initial access methods and tactics used across other threat actor groups.

Our SOC Performance Report found that it takes an average of seven months to fill open SOC positions, and 55% of those doing the hiring are struggling to find qualified staff. As a result, SOC resources are strained, putting the team at risk for fatigue and burnout, which can cause them to miss critical alerts. Research has shown this is a widespread issue, too, as most SOCs waste an average of 10,000 hours annually validating unreliable and incorrect alerts.

Looking to advance your career in the ever-growing cybersecurity field? If so, obtaining the proper certification is a great way to show your knowledge and set yourself apart from the competition. Ever-evolving cyber threats have made it essential for organizations to have an in-depth knowledge of cybersecurity and its best practices. As such, cybersecurity certifications have become highly sought-after qualifications for professionals in the field.

Containerised deployment is widely becoming a standard in every industry, ensuring these containers are protected at every level with a high level of accuracy is one of the most important tasks. Some industry vendors rely solely on the manifest files to provide them with a list of components, others have to manually convert the container image to a TAR archive before scanning, and even then they may only work on the application layer instead of evaluating the entire filesystem.