Today’s global risk landscape has made digital and physical security even more complex and nuanced, especially considering major critical events like the invasion of Ukraine, which demonstrate that one massive critical event can create many others globally with far-reaching effects. These can include displacement of people, physical security threats, cyber-attacks, and other devastating impacts.

Ransomware is on everyone’s minds these days, with attacks against small businesses, hospitals, and local governments increasingly in the headlines. Managed IT service providers are experiencing a dramatic increase in attempted cyberattacks.

Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation.

When it comes to application security testing, choosing the tool best suited for the job is critical. There are so many various tools on the market that determining which one is best for your needs may be difficult. In this article, we will discuss 10 of the best testing tools and outline the features you should look for when making your decision.

Dirty Pipe vulnerability is a Linux kernel vulnerability that allows the ability of non-privileged users to overwrite read-only files. The vulnerability is due to an uninitialized “pipe_buffer.flags” variable, which overwrites any file contents in the page cache even if the file is not permitted to be written, immutable, or on a read-only mount, including CD-ROM mounts. The page cache is always writable by the kernel and writing to a pipe never checks any permissions.

Last year, we launched functionality for users to add policy for reporting data, compliance reports, promise types, and other code as modules. With CFEngine Build, users can manage and update their own policy, the default policy and any additional modules separately. This makes it very easy to utilize policy or other modules written by the CFEngine team, or other community members. In this post we will take a look at using some modules to improve the security of our infrastructure.

Many companies are looking to find a source of threat intelligence that can give them better visibility into the risks unique to their technology stack. While some may not be using threat intelligence, others may not be getting the value they could. Choosing and integrating threat intelligence sources into your cybersecurity monitoring is challenging, but you do need to keep some considerations in mind during the process.

Securing your SAP environments is critical to the operational success of your business. And SAP does a great job of trying to stay ahead of any vulnerabilities in their solutions by offering HotNews. As critical vulnerabilities are discovered, SAP weights their critical quality, declaring a level of severity and attributing a score - 10 being the most critical - along with a description and resolution of the patch.