Member Spotlight: Pablo Agrio

This month’s member spotlight is Pablo Agrio, vulnerability management lead for SHEIN. Pablo always felt that he had a knack for defense, on the sports field and in debates, pleading his case as a kid, so he looked for a career where he could fuse his interest in IT with his defensive mindset. Knowing he…

Read More

Ransomware, BEC, and Phishing Top Cisco Talos Incident Response Trends Q3 2022 Report

Key Takeaways On October 25, 2022, Cisco Talos Incident Response (CTIR) researchers published their Quarterly Report: Incident Response Trends in Q3 2022. Key findings include: Ransomware was the top threat this quarter, a slight change from last quarter where commodity trojans surpassed ransomware by a narrow margin. Several high-profile ransomware groups appeared in CTIR engagements…

Read More

Application Security Challenges Caused by Cloud APIs

Application programming interfaces (APIs) are essential to the functioning of the cloud. APIs are what allow access to and management of cloud services. They also are frequently used to connect microservices, such as containers, within the cloud. In the last decade, application development has moved away from the creation of one monolithic application in favor…

Read More

Alleged Windows Zero-Day Exploited in the Wild to Bypass Security Warnings via JavaScript Files

Context On October 22, 2022, Bleeping Computer reported the technical details of a new Windows zero-day vulnerability that “allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings.” Bleeping Computer assesses that the zero-day was leveraged by ransomware threat actors to deliver the Magniber ransomware in a recent campaign. Technical Details…

Read More

Why Application Security is Moving to the Cloud to Facilitate DevSecOps

DevSecOps is an approach to application development that emphasizes collaboration between the development, security, and operations teams. Security is introduced early and is continuously monitored throughout the development lifecycle so a secure application can be rapidly released with fewer security-related bottlenecks when it reaches production. Companies that adopt a DevSecOps approach need tools that can…

Read More