Keep Your IAM Users Close, Keep Your Third Parties Even Closer
January 28, 2021Technical and legal controls that you take for granted when managing cybersecurity policy within your organization are usually out of reach when a third party is compromised.
Auditing iam:PassRole: A Problematic Privilege Escalation Permission
January 13, 2021How to determine which identities need iam:PassRole to help enforce “use it or lose it” least privilege.
Cloud infrastructure is not immune from the SolarWinds Orion breach
December 23, 2020Organizations exposed to the SolarWinds breach must identify exposed credentials and rotate them asap.
The AWS Managed Policies Trap
December 20, 2020These policies are simultaneously appealing and dangerous. Here’s how to use automated analysis of environment configuration and activity logs to avoid getting caught in the trap.
Who Holds the Keys to the Kingdom?
November 15, 2020Take a closer look at sensitive AWS Resources:secret strings and keys used in AWS, learn about the Resources and access control mechanisms relevant to them, delve into the challenges of tracking the permissions granted to them, and see ways in which automating analysis of environment configuration and logs in AWS can help.
CVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the Wild
October 29, 2020A remote code execution vulnerability in Oracle WebLogic Server has been actively exploited in the wild just one week after a patch was released and one day after a proof of concept was published.Upda...
AWS Identity Federation and Least Privilege – Friends or Foes?
October 7, 2020Learn how to address the challenges in basic and advanced implementations of AWS federation.
Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to Attack
September 29, 2020Six vulnerabilities in a popular license management product put industrial control systems at risk for remote attacks. Background On September 8, researchers at Claroty published their detailed anal...
Understanding Cross-Origin Resource Sharing Vulnerabilities
September 11, 2020To avoid exposure to a variety of web application vulnerabilities, specific security considerations must be made when implementing Cross-Origin Resource SharingToday’s modern web applications rely hea...
Protect Applications and Data with Cloud Infrastructure Entitlements Management (CIEM)
August 3, 2020Breaking down the hype around cloud infrastructure entitlements management.
Scams Exploit COVID-19 Giveaways Via Venmo, PayPal and Cash App
May 13, 2020The economic impact of COVID-19, which is causing record unemployment, creates a golden opportunity for scammers looking to target vulnerable people desperate for cash to help pay their bills.As Cash ...
What Is VPR and How Is It Different from CVSS?
April 16, 2020This blog series will provide an in-depth discussion of vulnerability priority rating (VPR) from a number of different perspectives. Part one will focus on the distinguishing characteristics of VPR th...