5 Tips for Evaluating SOC 2 Security Monitoring Platforms
tl;dr: If you need to get SOC 2 certified, you're likely looking for the fastest and easiest platform to get it done. Let's be honest, it isn't fun (and usually not fast or easy either). It helps to know what to look for in a security monitoring platform so that you can avoid any unexpected hiccups. Here are the top 5 things to pay attention to in your evaluation process.
featured in #277
The Internet Is Held Together With Spit & Baling Wire
- Brian Krebs tl;dr: "Collectively, the information voluntarily submitted to the IRRs (Internet Routing Registries) forms a distributed database of Internet routing instructions that helps connect a vast array of individual networks." Brian shows how a single spoofed email to an IRR could remove or alter the routing entries of multiple e-commerce providers, banks and telecommunications companies at once.
featured in #272
The Invisible Javascript Backdoor
- Wolfgang Ettlinger tl;dr: "Unicode should be kept in mind when doing reviews of code from unknown or untrusted contributors. This is especially interesting for open source projects as they might receive contributions from developers that are effectively anonymous." Wolfgang shows how a Unicode character that renders as blank but is still a valid JavaScript identifier can smuggle a backdoor parameter past code review.
featured in #268
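As an added example (our own code, not the article's or the author's), the block below does the two things a reviewer wants after reading this: it proves that a JavaScript engine really accepts the HANGUL FILLER (U+3164) as an identifier, and it scans source text for that character and its invisible relatives so they can be flagged before a pull request is merged. The sample snippet, the list of code points and the function names are our choices, not anything from the article.

```javascript
// Added example, not from the article: an invisible-character scanner for
// JavaScript source plus a demonstration that the engine treats U+3164 as a
// legal identifier character.

// Code points that look like nothing on screen but are legal in identifiers
// or silently change how the surrounding text is displayed. The first four
// are Unicode letters (category Lo), so a generic "format character" check
// misses them; the rest are category Cf and are listed only for a clearer
// report. The selection is ours (assumption), not an exhaustive list.
const INVISIBLE = new Map([
  [0x3164, 'HANGUL FILLER (valid in a JS identifier)'],
  [0x115f, 'HANGUL CHOSEONG FILLER'],
  [0x1160, 'HANGUL JUNGSEONG FILLER'],
  [0xffa0, 'HALFWIDTH HANGUL FILLER'],
  [0x200b, 'ZERO WIDTH SPACE'],
  [0x200c, 'ZERO WIDTH NON-JOINER'],
  [0x200d, 'ZERO WIDTH JOINER'],
  [0x2060, 'WORD JOINER'],
  [0xfeff, 'ZERO WIDTH NO-BREAK SPACE'],
]);

// Walk the source by code point (not UTF-16 unit) and report every
// suspicious character with its line and column so a reviewer can jump to it.
function scanSource(src) {
  const findings = [];
  let line = 1;
  let col = 0;
  for (const ch of src) {
    if (ch === '\n') { line += 1; col = 0; continue; }
    col += 1;
    const cp = ch.codePointAt(0);
    let reason = INVISIBLE.get(cp);
    // Bidi overrides (U+202E and friends) and other format characters are Cf.
    if (!reason && /\p{Cf}/u.test(ch)) reason = 'Unicode format character (Cf)';
    if (reason) {
      findings.push({
        line,
        col,
        codePoint: 'U+' + cp.toString(16).toUpperCase().padStart(4, '0'),
        reason,
      });
    }
  }
  return findings;
}

// Constructed sample (assumption): the second parameter and the logged value
// are both the Hangul Filler. In most editors the signature reads "run(env, )"
// and the console.log line appears to print nothing in particular.
const SAMPLE =
  'function run(env, \u3164) {\n  if (env.DEBUG) console.log(\u3164);\n}\n';

// Proof that the engine treats the filler as a real identifier: a function
// whose only parameter is named U+3164 still receives and uses its argument.
function hiddenParamIsAccepted() {
  const f = new Function('\u3164', 'return \u3164 + 1;');
  return f(41);
}

console.log(scanSource(SAMPLE));
console.log('hidden parameter works:', hiddenParamIsAccepted() === 42);
```

The scanner is deliberately stricter than a linter rule that only checks category Cf: the Hangul fillers are letters, which is exactly why they pass as identifier characters and why a Cf-only check would miss this backdoor.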
Why Secure Access To Cloud Infrastructure Is Painful
- Ev Kontsevoy tl;dr: Secure access to cloud infrastructure doesn't have to be painful. Access Plane consolidates connectivity, authentication, authorization, and audit in one place.
featured in #261
The Rise Of One-Time Password Interception Bots
tl;dr: Customers of these bot services enter a target's phone number and name. The service initiates an automated call warning the person about unauthorized activity on their account and prompts them to enter the OTP generated by their phone's authenticator app ("for authentication purposes"); that code is then relayed back to the attackers.
featured in #256
How To Improve Your Docker Containers Security (Cheat Sheet Included)
- Thomas Segura tl;dr: "Containers are no security devices. That's why we've curated a set of easily actionable recommendations to improve your Docker containers security. Check out the one-page cheat sheet."
featured in #243
A Guide To Threat Modelling for Developers
- Jim Gumbley tl;dr: "Threat modelling is a risk-based approach to designing secure systems." This article encourages developers to start simple with 3 questions. What are you building? What can go wrong? What are you going to do about it?
featured in #185
What Science Can Tell Us About C And C++'s Security
- Alex Gaynor tl;dr: Research suggests that using memory-safe programming languages results in a reduction in the number of vulnerabilities.
featured in #184
The Confessions Of Marcus Hutchins, The Hacker Who Saved The Internet
- Andy Greenberg tl;dr: "At 22, he single-handedly put a stop to the worst cyberattack the world had ever seen. Then he was arrested by the FBI. This is his untold story."
featured in #182