Guy Bejerano

Are you coming to RSA Conference? If so, join us at SCW Coffee Shop! Bluestone Lane SOMA Coffee Shop 55 2nd St, San Francisco, CA 94103 On May 6th | 12:30PM PST. Join Secure Code Warrior CTO & Co-Founder, Dr. Matias Madou, Jeffrey Martin from Mendio, John B. Dickson from Lasithi Security, and Viswanath S C. from Thales Digital Identity and Security to learn about: Incredible techniques for winning over developers and helping them prioritize security The challenges in measuring security skill development, and how to overcome them Why a developer-centric ‘Trust Score’ could be the missing piece of the compliance puzzle for every top organization and can unlock the benchmarks needed to reach new levels of risk reduction in code. https://lnkd.in/gMzG2WuJ

12

So many breaches in 2024 started with simple Infostealer credentials —  Brilliant overview about Infostealers, with real breach examples, totally fun to hear & easy to understand:

10

It is easy to protect PL/SQL from security vulnerabilities. - https://lnkd.in/eqdFZB9n #plsql #protect #databreach

2

Last year we rocked the enterprise with the most comprehensive study on API security issues and the reasons why organizations aren’t moving faster to fix their largest unmitigated attack surface. Now we dive into banking and financial services, specifically. Hang out with me for this next webinar and discussion on how API security is transforming Layer 7. Join our webinar, "The State of API Security in Financial Services," to explore the challenges, threats, and solutions in today's evolving regulatory landscape. 🎙️ Our Chief Security Officer, Richard Bird, will discuss: 📜 The regulatory impact: understanding the implications of FFIEC, OCC, CFPB, and PCI-DSS compliance on API security. 🔍 The growing threat landscape: unauthorized access, data exfiltration, malicious bots, and the human element in API attacks. 🔧 The effectiveness of current solutions: evaluating the strengths and weaknesses of existing API security measures. 🎯 Best practices and strategies: actionable recommendations for strengthening API security, mitigating risks, and ensuring compliance. 📅 Save your spot and gain valuable insights to navigate API security and protect your organization's critical assets.

17

1 Comment

As we get back from the craziness of RSAC, I'm getting ready for the next big event on the horizon. The CISO Village Summit by Team8 is back with 100 CISOs and security leaders joining me this June in California! The magic of the Summit is more than that of a regular conference; our 300-strong community is a place of genuine curiosity, innovation, and collaboration, offering a forum for professional and personal growth alongside the industry's best. Throughout this exclusive five-day event, don't miss the chance to engage in meaningful discussions with industry leaders on: * The changing threat landscape * AI’s impact on cybersecurity’s challenges and solutions * Socio-economics and geopolitical tensions filtering into cybersecurity policy * The complex CISO-CEO relationship * And more. Spots are limited and closing fast— so apply now to not miss out! https://lnkd.in/gKj-jvS5 Team8 #Team8CISOVillage #Cybersecurity

171

9 Comments

𝑻𝒊𝒑 𝒇𝒐𝒓 𝑪𝒚𝒃𝒆𝒓 𝑭𝒐𝒖𝒏𝒅𝒆𝒓𝒔/𝑭𝒖𝒕𝒖𝒓𝒆 𝑭𝒐𝒖𝒏𝒅𝒆𝒓𝒔 - If you are heading to RSA and looking to do some research to get current state of the state on a specific domain then going through the RSA Exhibitors list might be good idea to plan your time on Expo floor -

17

Doing more to reduce the workload - all part of our remediation first approach.

14

1 Comment

Great thinking on best ways to identify, prioritize and focus on what's important and what's not in proactive security.

4

Are your endpoints compliant with the latest security configuration assessment recommendations? See how CoPilot leverages Wazuh SCA scans to detect non compliant endpoints! https://lnkd.in/g5qZyPXA

76

3 Comments

You know what happens when you can connect your users to their systems securely, friction free and without using jump hosts? You can start doing cool things like adding secondary MFA prompts to your sessions based upon resources, commands or even the content of the resource being accessed.

3

If you’re a #ciso or #cybersecurity, #antifraud or #networksecurity professional and want to see if the consumer is on your side - check out our 4th Annual global consumer survey co-sponsored by OWASP® Foundation! Spoiler alert: consumers are on the side of cyber more than ever! Woohoo! Use this to show the business that what cyber professionals do matters to the end customer (oh and maybe get budget for projects). :) #gocyber #redteam #blueteam #purpleteam #devsecops #secops #appsec #owasp - thank you to the Appdome team for making this seminal report possible!

25

1 Comment

🔥❗ PAN-OS RCE UPDATE: tl;dr: somehow it's getting worse For those of us just waking up and getting going in the UK, if you're tracking the RCE in PAN-OS (CVE-2024-3400), please be advised: Telemetry is no longer a pre-requisite for exploiting this vuln for RCE. This is being exploited in the wild by motivated threat actors right now. It has been for ages. Stop messing about and get patched.

11

A vulnerability has been identified, CVE-2024-27322, in the R programming language that permits arbitrary code execution by deserializing untrusted data. CERT Coordination Center (CERT/CC) has issued an advisory for CVE-2024-27322, cautioning against arbitrary code execution via malicious RDS or RDX files. What should you do? ⬆️ Update R to version 4.4.0 or later promptly. ⛔Until then, avoid interaction with untrusted RDS files or packages to mitigate risks. There is currently no public proof-of-concept or exploitation evidence available. https://bit.ly/44t7vFt

10

Simply patching isn't enough. Thorough remediation provides total control and elevates your security to a higher level. Register for the joint webinar by SecPod and Sonata Software, ''Remediation 2.0-Going beyond the temporary "Patch" band-aids,'' on July 10th at 3 PM IST. Gain insights into why advanced patch management is crucial for Enterprise IT teams to protect themselves from cyberattacks! Register here and secure your spot - https://lnkd.in/gzZzkayV Jagsir Singh Praveen Richard Sarala K Sharath Gowda Bise Gowda V #patchmanagement #secpod #sonatasoftware #itadmin

12

A shrewd move by Trinsic, and just in time. I predict huge success, kudos all around. IMO it takes them officially out of the SSI game, at least as a direct creator or driver of it. Riley Hughes has been clear, they’ve given every chance they could before needing to pivot to greener pastures, and this appears to be an excellent pivot. My POV: SSI will still happen, but indirectly as a result of other things gaining traction beforehand, such as organizational identity, GLEIF’s vLEI, EU ID, etc. As a platform of platforms, Trinsic will still be positioned well to provide verification services for those services as they come along, enabling Trinsic to still help facilitate true SSI when the world is finally ready for it, and thrive in the meantime. Shrewd indeed. Bravo, Riley, Michael, and the rest of the Trinsic team!

32

4 Comments

Lambda Layers in third party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13 that may then unsafely run with the same permissions as the running application. For example, an attacker could use this feature to trojanize a popular model, save it, and redistribute it, tainting the supply chain of dependent AI/ML applications. VU#253266 - Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models https://lnkd.in/dut4JJRg

4

CyberArk-Venafi is the largest strategic acquisition we've seen in identity since Okta bought Auth0 three years ago. Billion-dollar acquisitions happen in this space, but not very often! Any time we see one, it's significant for our industry. There have only been seven total strategic acquisitions over $1 billion in the identity security market (intentionally excluding private equity deals). CyberArk-Venafi is the sixth largest by a strategic. This deal is just behind Dell's (now divested) acquisition of RSA Security in 2006, and just ahead of Centrify's PE-backed acquisition of Thycotic (to form Delinea). CyberArk is actually one of the smallest companies to do a deal of this size — which could signal a (small, but more than what we've historically seen) run of larger scale acquisitions from other strategic buyers in the industry.

70

8 Comments

Proposed Implementer's Draft of OpenID Federation The OpenID Connect working group has started working group last call (WGLC) for a proposed Implementer’s Draft of the OpenID Federation specification. As described in the WGLC message: "OpenID Federation -35 has been published at https://lnkd.in/g-N77DdF and https://lnkd.in/gdv-JTa2. This draft is being proposed as the fourth (and hopefully final) Implementer’s Draft of the specification." An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. The two-week working group last call ends on Friday, May 31, 2024. Unless reasons are identified during the last call to substantially revise the specification, the 45-day OpenID Foundation-wide review of the specification for approval as an OpenID Implementer’s Draft will shortly follow. Special thanks to all the implementers and deployers who provided feedback to get us to this point! See the post at https://lnkd.in/gmEhYueB. OpenID Foundation Roland Hedberg Giuseppe De Marco Vladimir Dzhuvinov John Bradley Andreas Åkre Solberg #OpenID #Federation

68

5 Comments

# Polyfill.io is a security process vulnerability You might have read about the polyfil.io CDN service that got taken over to serve malicious code snippets. (https://lnkd.in/eZiu_CHU) People called this a supply chain attack. To me, this is a process issue, a case where most teams in the world simply didn't follow the correct AppSec and InfoSec processes. My questions are as follows:  1. Why are your developers writing code that knowingly loads JavaScript code from a third-party domain without following any infosec or risk auditing process?  2. Polyfill.io was originally owned by FT. Why would any website allow a newspaper to track all their users?  3. This style of attack is not even new. BA (jQuery), video.js attack, and several 100s more happened in the last decade. Are your frontend developers and CMS people even aware of such attacks? The next time you see a developer who wants to use a package or add a code snippet to a public website, ask them these two questions - “Have you done a risk audit for this package or the domain, even a basic one with some open-source tools?” "Have you added this domain to the allow-list in the CMDB?". This “secure by design” and full-stack inventory mindset is what we need. An action item for my team is to enhance #cdxgen this year to collect more endpoints and services from file types such as HTML etc. Who knows, may be our work might inspire more application security companies to take "inventory management" as seriously as "vulnerability management".

13

1 Comment