The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.
It’s been just over a month since cybersecurity conferences returned in a big way with the comeback of RSA Conference after last year’s hiatus. A lot happened between 2020 and 2022 in the world, our lives, and cybersecurity, including the birth of a little no-code security automation start-up named Torq. RSAC 2022 was a great place to catch up on these changes and look forward to emerging trends and security needs.
CrowdStrike is a class-leading endpoint monitoring solution. It collects a wealth of activity data from each managed endpoint that can be fairly voluminous. This includes network connectivity, DNS request, process activity, health checks, and the list goes on. In fact, there are over 400 event types reported by CrowdStrike! These events are a gold mine for threat hunters and blue teams looking for unusual or malicious activity. It can be extremely costly to place all this data in a SIEM.
You’ve been waiting and planning all year. The sunscreen is packed, the neighbors have a spare key to water the plants while you are away, you made sure to set your out-of-office notifications, and emergency contact information has been updated. It is time for vacation season!
It’s no secret that government agencies are facing increasing restrictions and compliance regulations as they strive to ensure effective data governance and protection. “Agencies have a lot of regulated information that needs to be governed, and they need to make sure it’s not compromised,” says Corey DuBois, senior advisory presales solution consultant at ServiceNow. “There are a lot of checks and balances they need to have in place.”
Cross-site request forgery (CSRF) is an attack that tricks a user's browser into sending a malicious HTTP request to another website. This malicious HTTP request looks like it was sent by the user, but it actually comes from the attacker. A cross-site request forgery (CSRF) attempts to execute a change rather than trying to download personal data. Once an attack is executed there is no way for the attacker to directly monitor the result so attackers often execute multiple forgeries.
Despite the best efforts of individuals to protect their own data, they cannot always account for the cybersecurity shortcomings of larger organizations such as their employers, financial institutions, and healthcare providers entrusted with their personal information. Hotels should also be added to this list of vulnerable entities, as was made painfully apparent in the most recent Marriott data breach.
