Common Cloud-Native Security Misconfigurations & Fixes

Cloud configuration errors are a major concern for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve them...

The vulnerability of the Simple DirectMediaLayer library, related to integer overflow, allows an attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Simple DirectMediaLayer library is related to a potential overflow when creating a new RGB surface. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and even cause service failures through the use of a special...

One Year After IntSights Acquisition, Threat Intel’s Value Is Clear

Rapid7 Strengthens Market Position With 360-Degree XDR and Best-in-Class Threat Intelligence Offerings Time flies… and provides opportunities to establish proof points. After recently passing the one-year milestone of Rapid7’s acquisition of IntSights, the added value threat intelligence brings t...

Control System Defense: Know the Opponent

Summary Traditional approaches to securing OT/ICS do not adequately address current threats. Operational technology/industrial control system OT/ICS assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for...

Limiting the Software Supply Chain Attack Surface

Limiting the Software Supply Chain Attack Surface By Trellix · September 21, 2022 This blog was written by Douglas McKee We often discuss how the intentions of an action matter, and it's clear to see why they do. If I am walking down the sidewalk, distracted by my phone of course and run into a...

Why Organizations Struggle with Patch Management (and What to Do about It)

The cybersecurity attack surface continues to grow exponentially. Modern technologies are being deployed on-premises and in the cloud as part of digital transformation journeys. Meanwhile, the current practice of identifying, classifying, prioritizing, and remediating vulnerabilities has become...

Cybersecurity Awareness Month 2022: 3 Actionable Tips

Make Cybersecurity Awareness Month a year-long initiative with these three actionable security tips to reduce cyber risk across the attack surface...

External attack surface and ongoing cybercriminal activity in APAC region

To prevent a cyberattack, it is vital to know what the attack surface for your organization is. To be prepared to repel the attacks of cybercriminals, businesses around the world collect threat intelligence themselves or subscribe for threat intelligence services. Continuous threat research enabl...

Red Teaming to Reduce Cyber Risk

Discover how red teaming can help reduce cyber risk across your ever-expanding digital attack surface...

What’s most important for a CISO in API security?

As threats to networks and systems have changed, so have CISOs’ priorities. API security has grown more important with everything as a service and in the cloud. Todays CISOs must ensure they have a plan for protecting APIs. To learn what’s most crucial when protecting APIs, we surveyed CISOs and...

Enhancing Cloud Security by Reducing Container Images Through Distroless Techniques

We analyzed the Distroless technique for reducing the size of container images and explored its capabilities to address security concerns. We provide an alternative approach to Distroless that reduces the attack surface for malicious actors targeting cloud-native applications while optimizing clo...

Metaverse Broadband Infrastructure Security

The metaverse is coming—but what does that mean for network infrastructure? We explore expected changes, network challenges, and tips for enhancing network security to minimize cyber risk across the attack surface...

Stop Ransomware with Microsoft Security digital event presents threat intelligence in action

One of the biggest challenges in security today is visibility. And by visibility, I don’t just mean keeping an eye on ever-evolving cyberthreats, but also seeing your own security environment clearly—especially where you’re vulnerable. For defenders who are working hard to manage threats across...

Stop Ransomware with Microsoft Security digital event presents threat intelligence in action

One of the biggest challenges in security today is visibility. And by visibility, I don’t just mean keeping an eye on ever-evolving cyberthreats, but also seeing your own security environment clearly—especially where you’re vulnerable. For defenders who are working hard to manage threats across...

Microsoft Security highlights from Black Hat USA 2022

Black Hat USA 2022 marked the twenty-fifth year that security researchers, security architects, and other security professionals have gathered to share the latest research, developments, and trends. Microsoft was among the companies participating in the conference, which was from August 6 to 11,...

Microsoft Security highlights from Black Hat USA 2022

Black Hat USA 2022 marked the twenty-fifth year that security researchers, security architects, and other security professionals have gathered to share the latest research, developments, and trends. Microsoft was among the companies participating in the conference, which was from August 6 to 11,...

The Race to Secure eBPF for Windows

The Race to Secure eBPF for Windows By Trellix · August 11, 2022 This blog was written by Douglas McKee Innovation often improves functionality and even security; however, adoption starts slow. Adoption often doesn’t increase at a linear rate but at an exponential rate leaving behind attack...

CVE-2022-20357

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12...

A Secure Access Service Edge (SASE ) Guide for Leaders

Discover the benefits of SASE in adopting modern security architectures to reduce cyber risk across the attack surface...

PT-2022-14583 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-12 through Android-12L Description: The issue is related to a possible information disclosure due to uninitialized data in the writeToParcel function of SurfaceControl.cpp. This could lead to local information...