What to Do About Log4j

What to Do About Log4j

Log4j does not sanitize inputs. Tactical Measures The first challenge is to find out where your code and applications might have the vulnerability. There are tools to scan for the presence of the string ”log4j” including Snyk and others. These will find any places in your source code libraries that have calls to the code. The next step is to verify whether that source code was ever actually deployed into your production environment. Sometimes developers…

Read More

This Week in Security News – December 17, 2021

This Week in Security News – December 17, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read on Purple Fox’s infection chain observed by Trend Micro’s Managed XDR. Also, learn about the Log4j vulnerability that has the potential to cause ‘incalculable’ damage. Read on: A Look into Purple Fox’s Server Infrastructure In this blog, Trend Micro sheds light on the later stages of Purple…

Read More

Why You Need XDR in Today’s Threat Landscape

Why You Need XDR in Today’s Threat Landscape

Why You Need XDR in Today’s Threat Landscape Detection and Response Trend Micro’s VP of Threat Intelligence, Jon Clay, explores the latest trends in today’s threat landscape and why XDR is key to enabling more resilience. By: Jon Clay December 13, 2021 Read time:  ( words) I’m proud to share the Forrester New Wave™: for Extended Detection and Response (XDR) that named Trend Micro a Leader in both current offerings and strength of strategy. I’d…

Read More

How Zero Trust and XDR Work Together

How Zero Trust and XDR Work Together

XDR alone is an effective security capability. However, when used in tandem with the Zero Trust approach, organizations can further enhance their security. XDR has two significant assets that can support a Zero Trust strategy: strong endpoint (user, cloud workload, device, etc) controls and organization-wide data collection and correlation from across the IT infrastructure. Here’s how it works: Strong endpoint controls deliver a solid foundation for verifying and establishing trust by providing security teams with…

Read More

This Week in Security News – December 10, 2021

This Week in Security News – December 10, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about Trend Micro’s predictions for security in the coming year. Also, learn about the Biden administration’s latest initiatives for curtailing attacks on the transport infrastructure. Read on: Pushing Forward Key Takeaways from Trend Micro’s Security Predictions for 2022 Because of the Covid-19 pandemic, organizations have learned to…

Read More

Top 10 Azure Cloud Configuration Mistakes

Top 10 Azure Cloud Configuration Mistakes

Top misconfigured rules for Azure services Let’s look at three top misconfigured services for Azure and the Conformity rule for that service with the highest misconfiguration rate. Service: Azure Activity LogRule(s): “Create alert for ‘delete PostgreSQL database’ events” and “create alert for ‘create/update PostgreSQL database’ events” The top misconfigured rules for Azure Activity Log are related to PostgreSQL, a fully managed database-as-a-service platform. “Create alert for ‘delete PostgreSQL database’ events” and “create alert for ‘create/update…

Read More

Virtual Patching 101

Virtual Patching 101

Virtual Patching 101 Network Security Get the lowdown on virtual patching: a simplified, automated solution to shielding vulnerabilities from exploits. By: Trend Micro December 07, 2021 Read time:  ( words) Ever heard the phrase “one and done?” This applies to vulnerabilities as well. Just one vulnerability can be targeted by threats and wreak havoc on your apps and organization. And while some vendors may release a patch, oftentimes you can’t just wait around for the…

Read More

This Week in Security News – December 3, 2021

This Week in Security News – December 10, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about how Squirrelwaffle utilized ProxyLogon and ProxyShell to hack email chains. Also, read on a recent data breach of the Los Angeles Planned Parenthood Network. Read on: Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains In September, Squirrelwaffle emerged as a new loader that is spread…

Read More

5 Things to Do from the AWS re:Invent Day 3 Agenda

5 Things to Do from the AWS re:Invent Day 3 Agenda

5 Things to Do from the AWS re:Invent Day 3 Agenda Compliance & Risks Welcome to your complete guide to AWS re:Invent 2021 Day 3, where you will find tips on how to get the most out of your conference experience both in Las Vegas and virtually. By: Trend Micro December 01, 2021 Read time:  ( words) You’re in the endgame now, so it’s time to clean up and get any lose-ends tied up.  If…

Read More

Top 10 AWS Security Misconfiguration

Top 10 AWS Security Misconfiguration

Swift cloud adoptions spurred on by the global pandemic has led to oversights, errors, or ill-informed cloud service configuration choices (commonly referred to misconfigurations). You may have heard that securing the cloud can be complex, but something as “simple” to stop as a misconfiguration can ultimately lead to the unintended exposure of mission-critical information and assets. Major cosmetic retailer, Estee Lauder, experienced a major breach due to a misconfiguration, resulting in more than 440 million…

Read More
1 13 14 15 16