Collaborate Disseminate
In this Help Net Security podcast recorded at Black Hat USA 2019, Brandon Edwards, Chief Scientist at Capsule8, talks about about a compendium of container escapes, and the RunC vulnerability in particular. Here’s a transcript of the podcast for your c… Continue reading A compendium of container escapes
The number of DDoS attacks might be getting higher, but they are not all massive nor do they always trigger DDoS defenses. In fact, small-scale DDoS attacks are becoming more frequent and sophisticated, according to new research from Neustar’s SOC. Acc… Continue reading The changing face of DDoS attacks: Degraded performance instead of total takedown
In this podcast recorded at Black Hat USA 2019, Jimmy Graham, Senior Director of Product Management at Qualys, discusses the importance of a tailored patch management process. Security obviously will have some say in a patch management process because … Continue reading Optimizing the patch management process
What do the top data breaches of the 21st century have in common? Privileged identity abuse. In these breach instances, well-resourced, external actors were able to gain the credentials of users with access to privileged accounts – such as administrati… Continue reading Protecting your organization against privileged identity theft
SOCs constantly need tools to improve effectiveness, efficiency, and productivity. In surveying the market, Help Net Security evaluated SecBI’s solution for improvement via automated threat detection, response and hunting. Read our report to find… Continue reading Help Net Security report: SecBI’s automated threat detection, response and hunting
Despite more than a few decades’ worth of technological advancement and millions of dollars’ worth of research, cyber threats continue to flourish. The situation has been wreaking havoc—and creating financial nightmares—in virtually every industry arou… Continue reading SOC-as-a-Service promises threat protection in a world of scarce resources
Application programming interfaces have always been important gateways to our applications, but in recent years, they’ve silently become both more prevalent and more central to app functionality. APIs are everywhere and inside of everything we’re using… Continue reading Make sure you keep an eye on your APIs
Spreadsheets are dumb. Okay, it’s not that spreadsheets are dumb, or that the people who use them are dumb. That’s not at all what I’m saying. What’s dumb is using spreadsheets to manage third-party information security risk. If I’m going to call somet… Continue reading Moving away from spreadsheets: How to automate your third-party risk management process
The dizzying pace of technological change makes knowledge acquisition and skill development a very big deal in the IT and IT security industry. Luckily, the opportunities for both are myriad, but how to pick the right ones for you? Older, more experien… Continue reading Pitfalls to avoid when improving your software development skills
Auditing 1.5 million lines of code is a heroic undertaking. With resources provided by the Cloud Native Computing Foundation (CNCF), the Kubernetes Project leadership created the Security Audit Working Group to perform an audit in an open, transparent,… Continue reading Kubernetes security matures: Inside the project’s first audit