Turning collaboration and customer engagement up with a strong identity approach
In these challenging times, it’s even more apparent that modern companies are managing a blended workforce that encompasses not only their full-time staff and customers but also their contractors, consultants, subsidiaries, suppliers, partners, and soon-to-be customers. Balancing friction-less...
Akamai Enhances Enterprise Threat Protector to Add Secure Web Gateway Capabilities
Today, Akamai announced that it has added secure web gateway (SWG) capabilities to its Enterprise Threat Protector (ETP) service to help enterprises further accelerate their transformation to a Zero Trust security architecture. So what are the SWG enhancements and what benefits will these deliver for...
SAP Commerce Cross-Site Scripting Vulnerability (CNVD-2020-21059)
SAP Commerce is a cloud-based e-commerce platform from SAP, a German company. The product supports sales management, marketing management, order management, operations management, etc. SmartEdit Extension is one of its smart editor extension programs. A cross-site scripting vulnerability exis...
Top 10 Most Innovative Cybersecurity Companies After RSA 2020
The RSA Conference, the world's leading information security conference and exposition, held its 29th annual event in San Francisco last week. According to the organizers, over 36,000 attendees, 704 speakers, and 658 exhibitors gathered at the Moscone Center to discuss privacy, Machine Learning,...
Why You Need Cloud-Based Security for Agile, Innovative and Lean IT
Digital transformation isn't just a buzzworthy trend or a finite phase for today's businesses. Rolling adaptation to an ever-changing environment and continuous digital evolution has become the new normal for enterprises -- the key to success in this agile, demanding, and hyper-connected age. To...
Wallarm team is growing!
Wallarm’s unique approach provides actionable insight that identifies and protects against real attacks and vulnerabilities. I’m excited to be part of the team that automates this for modern services and cloud-based applications. The post Wallarm team is growing! appeared first on Wallarm Blog...
Security at the Edge - What is Gartner's SASE & why does it matter?
Recently, Gartner published a report called "Market Trends: How to Win as WAN Edge and Security Converge Into the Secure Access Service Edge" that dives into how to enable security and network access controls as-a-service from the cloud. But what is Gartner's SASE (pronounced like "sassy")? The...
How Cloud-Based Automation Can Keep Business Operations Secure
The massive data breach at Capital One – America's seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time. Ironically, the incident, which exposed some 106 million Capital One customers' accounts, has only reinforced the belief...
Cybersecurity Firm Imperva Discloses Breach
Imperva, a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores,...
How to Prepare for Misconfigurations Clouding the Corporate Skies
Cloud-based storage and infrastructure provides myriad benefits for any organization, like letting them avoid the costs of expensive hardware and granting them quick access to infrastructure as needed. Companies can use cloud services for minutes or years, depending on their needs. However, there...
XDR Is The Best Remedy As Attackers Increasingly Seek To Evade EDR
Real enterprises are messy places. One messy reality is that enterprises don’t manage all their endpoints. A smart colleague turned me onto using the % of endpoints and servers managed as a prime security metric. On one end of the spectrum are places like universities that maybe manage 10% of the...
ACSC Releases Advisory on Password Spraying Attacks
The Australian Cyber Security Centre (ACSC) has released an advisory on password spraying attacks. Password spraying is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This...
A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response
Earlier this year, I reached out to Check Point researcher Eyal Itkin, who had published multiple flaws in several Remote Desktop Protocol (RDP) clients, including a vulnerability in mstsc.exe, the built-in RDP client application in Windows. While there were no active exploits detected in the wild,...
Ninja Turtles in your network: LAN Turtle 3G. A how-to for red teaming
Introduction: This post will detail how to configure and utilise a LAN Turtle 3G from Hak 5 to gain a persistent, remotely accessible presence within a network. With ethernet ports becoming less common on new hardware, many people have been forced into deploying an array of various dongles and...
MozDef - Mozilla Enterprise Defense Platform
The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to...
SQL Injection Vulnerability in B2C_UQ Cloud Business System (CNVD-2019-18481)
UQ Cloud Business System B2C version is a compact e-commerce system; the platform is developed with PHP7.0+MySQL. B2C_UQ Cloud Business System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Egyptian DDoS Campaign Observations
Between March 19 and March 25, 2019, there was a very large amount of DDoS traffic sourced from a specific Egyptian Autonomous System (ASN) directed at Akamai Prolexic customers. It's worth noting this is an ASN we rarely see in our pre-attack, or top source IPs during active attacks. When it showe...
What’s Behind the Wolters Kluwer Tax Outage?
Early in the afternoon on Friday, May 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH's...
Edge DNS Secondary Implementation: Order of Operations for NS Zone & Registrar Records
Akamai's Edge DNS service provides cloud-based, authoritative domain services to thousands of organizations. Edge DNS is the most widely deployed cloud DNS service pushed to the edge of the Internet. Every organization must protect their domain name. Akamai originally built Fast DNS (now Edge DNS) ...