PCI DSS 4.0 - The Update
Razorthorn MD, James Rees, has been a PCI DSS QSA for much of his career - hear his initial thoughts on the latest update. Get in touch if you have any questions for him.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
GitOps vs. DevOps: What's the Difference and Why Should You Care?
DevOps has been the methodology of choice among developers for over a decade. No doubt, it’s proven its efficiency and ability to speed up processes while uniting teams by promoting open communication and shared responsibility. But will GitOps steal the spotlight? We’re exploring the answer in today’s post by looking at these two methodologies’ similarities and differences, advantages, and limitations.
Tools for Threat Hunting and IT Service Risk Monitoring
Cybersecurity can often seem intimidating for IT teams. After all, things like “threat hunting,” “red teaming,” and “blue teaming” are not used in IT operations. On the other hand, just because these words are terms of art doesn’t mean that they’re activities you don’t do already. You’re probably already using log data as part of your IT operations incident response.
How Fireblocks Is Innovating MPC Wallet Technology
Our MPC-CMP algorithm at Fireblocks has brought a complete evolution in our clients’ security architecture. There are many benefits in utilizing MPC, such as the distribution of signing, the removal of a single point of failure from the system, and flexible M event signing structures. But MPC has its downsides, including a low transaction speed due to multiple rounds in the MPC signing process, and a lack of a truly air-gapped MPC solution.
Customer Stories: Tyler Warren of Prologis
In this short video, Tyler Warren, Deputy Information Security Officer at real estate leader Prologis, explains why companies must start with an accurate inventory of their APIs to ensure security. Hear how Prologis increased visibility into its APIs and created a more security-aware culture in the company.
Microsoft releases open-source tool for securing MikroTik routers
This blog was written by an independent guest blogger. In mid-March, Microsoft released a free, open-source tool that can be used to secure MikroTik routers. The tool, RouterOS Scanner, has its source code available on GitHub. It is designed to analyze routers for Indicators of Compromise (IoCs) associated with Trickbot. This article will introduce some background on the MikroTik vulnerability, the Trickbot malware, and some ways you can protect yourself.
CVE-2022-24675 - Stack overflow (exhaustion) in Go's PEM decoder
A few days ago it was reported that the new Go versions 1.18.1 and 1.17.9 contain fixes for a stack overflow vulnerability in the encoding/pem builtin package, in the Decode function. Given the high popularity of Go among our customers and in the industry at large, this update led us to investigate the vulnerability in previous versions.
How to convince your friends, family, and peers to start using a password manager
One of the many values of 1Password is that we make it faster and easier to use strong, unique passwords everywhere online. That’s great if you already have a good handle on why password strength matters for online security. But we know that not everyone does.
What are Active Directory FSMO roles and How do they Work
The FSMO (Flexible Single Master Operations) roles are vital when it comes to Active Directory. The FSMO roles help keep Active Directory consistent among all of the domain controllers in a forest by allowing only specific domain controllers to perform certain operations. Additionally, Active Directory FSMO Roles are essential for your Active Directory environment’s stability and security.
What We Can Learn From SolarWinds Security Breach
65% of cyber attacks today happen due to the negligence of a third party. SolarWinds security breach is a good example of that. In this case, hackers used a method known as a supply chain attack to insert malicious code into their Orion System. From there, they managed to crack into the SolarWinds network and put malware into the environment. SolarWinds did a great job following up on this. They made significant improvements and are currently rated as a B by SecurityScorecard.