Risk Decisions in an Imperfect World

Risk decisions are the foundation of information security. Sadly, they are also one of the most often misunderstood parts of information security. This is bad enough on its own but can sink any effort at education as an organization moves towards a DevOps philosophy. To properly evaluate the risk of an event, two components are…

Don’t Let the Vulnera-Bullies Win. Use our free tool to see if you are patched against Vulnerability CVE-2020-0601

So much for a quiet January! By now you must have heard about the new Microsoft® vulnerability CVE-2020-0601, first disclosed by the NSA (making it the first Windows bug publicly attributed to the National Security Agency). This vulnerability is found in a cryptographic component that has a range of functions—an important one being the ability…

A New Playground for Cybercrime: Why Supply Chain Security Must Cover Software Development

Most organisations see supply chains as providers of physical goods and services. The supply chain management function in these companies usually provides the governance framework to reduce third-party risks and prevent hackers from stealing data, disrupting daily operations and affecting business continuity. But there’s another crucial part of this ecosystem which some organisations may be…

What's So Strategic About the Trend Micro and Snyk Partnership?

What does a partnership between Trend Micro and Snyk mean for you, the customer? Can you really develop and deploy applications anywhere without security slowing you down? Greg Young, VP of Cybersecurity for Trend Micro, explains how the partnership benefits Trend Micro and gives our customers an extra edge in their security platform.

Cyberattack Lateral Movement Explained

[Lightly edited transcript of the video above] Hi there, Mark Nunnikhoven from Trend Micro Research, I want to talk to you about the concept of lateral movement. And the reason why I want to tackle this today is because I’ve had some conversations in the last few days that have really kind of hit that…

A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

Through a cross-company, cross-continent collaboration, we discovered a vulnerability, secured customers, and developed a fix, all while learning important lessons that we can share with the industry.
The post A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response appeared first on Microsoft Security.

How to get Ahead of Vulnerabilities and Protect your Enterprise Business

Security vulnerabilities are popping up all the time, and can put any business that uses technological assets at risk. In a nutshell, vulnerabilities represent the ideal opportunity for malicious actors to break into systems and wreak all types of havoc. From data theft to information compromise and beyond, vulnerabilities are a particularly pertinent issue for…

Attacking Containers and runC

This week a new vulnerability was published (CVE-2019-5736) that highlights everything bad and good about containers. Simply put, this vulnerability can be exploited using an infected container to attack the host. It’s a real-world example of a breakout attack that has long been a major concern in virtualized and container environments. Here, the attack…

Incident Response In The Public Eye

Cyberattacks happen constantly. Every day organizations are attacked online whether they realize it or not. Most of these attacks are passing affairs. The mere fact that systems are on the internet makes them a target of opportunity. For the most part, these attacks are non-events. Security software, bugs in attack code, and updated applications…