We break down the timeline of the number one threat to ecommerce sites today – Magecart! This timeline includes all the significant Magecart attacks in 2019. With 4,800 formjacking attacks each month alone, this timeline only represents a small proportion of attacks reported in the public domain in 2019. Detect Web-skimming, Formjacking, and Supply Chain attacks before a Data Breach occurs with Magecart detection.

Hey, there. This is part five of the Elastic SIEM for home and small business blog series. If you haven’t read the first, second, and third blogs, you may want to before going any further. In the Getting started blog, we created our Elasticsearch Service deployment and started collecting data from one of our computers using Winlogbeat. In the Securing cluster access blog, we secured access to our cluster by restricting privileges for users and Beats.

SRE and Security teams rely heavily on alerts to know whether their systems are experiencing issues and to prevent any future outages. At LogDNA, customers can set alerts that trigger when specific logs match (presence alerts) or set an alert to go off if there are expected lines that haven’t come through (absence alerts). These alerts can be set up with various channels so you can be alerted in the product of your choice (Slack, Email, PagerDuty, etc).

Because monitoring requires some degree of access to your applications, it’s important that you take certain steps to ensure the right amount of access without compromising your app’s security. In this first in a series of posts, we’ll go over some high-level best practices to securing Sensu, followed by a webinar later this month which will offer a deeper dive into setting up certificates.

Yesterday, Jan. 14, 2020, on the first “patch tuesday” of the year, Microsoft released patches for critical vulnerabilities in Microsoft Windows client and server operating systems.

In this blog post, you will learn how to setup image scanning with Github Actions using Sysdig Secure DevOps Platform. We will create a basic workflow to perform a local scan to detect vulnerabilities and bad practices before the image is pushed to any registry. We will also customize scanning policies to stop the build according to a set of defined rules.

In the previous post, we covered some of the frameworks accessible by kernel extensions that provide information about file system, process, and network events. These frameworks included the Mandatory Access Control Framework, the KAuth framework, and the IP/socket filter frameworks. In this post, we will go into the various tips and tricks that can be used in order to obtain even more information regarding system events.

This year at BSidesDFW, my local security conference, I highlighted a continuing trend of adversaries using open source offensive tools. The talk reviewed one of these post-exploitation frameworks named Koadic and walked through different ways defenders can build behavioral detections through the use of Event Query Language (EQL).

Tomcat servers are widely used application servers for today’s development architectures, popular for hosting Java based applications. Below is a guide on best security practices for security your Tomcat Server environment. Banner grabbing is the process of gaining information from computer systems including services, open ports, version, etc. When sending a server host request via telnet command, you pass along the server name, port, and version.

During research into Magecart attacks, I recently uncovered malicious code from two hacking groups attempting to steal credit card information on the European e-commerce websites for the science-backed skincare brand Perricone MD (affecting perriconemd.co.uk, perriconemd.it and perriconemd.de). Founded by U.S. celebrity dermatologist Nicholas Perricone, the company generated sales of $86 million in 2014 and are looking to fetch more than $200 million in a rumoured upcoming sale.