The DNS Cache Poison vulnerability (CVE-2025-40778) opens a huge exploitation range from INSIDE the network. This is NOT a “Kaminsky” attack – it is much worse – two crafted packets from an architected attack.
Category: Product Security
Product Security covers all software, hardware, cloud, edge, and component (chip) security aspects. Today’s product security is not just about the “unit” under test, but the whole system resiliency to stress, attacks, and ability to withstand the unexpected.
We will cover Application security posture management (ASPM), Dynamic AST (DAST), Fuzz Testing, Infrastructure-as-code (IaC) testing, Interactive AST (IAST), Mobile AST (MAST), Open Source Testing, Software Development Life Cycle (SDLC), Static application security testing (SAST), Chaos Architectures, and many other approaches to Product Security.
You missed it! Threat Actors simple paths into your network.
On December 3rd, 2024, six cybersecurity organizations published Enhanced Visibility and Hardening Guidance for Communications Infrastructure, detailing simple paths threat actors use to penetrate networks. Most people I talk to say, “This is nothing new.” “We’ve heard it all before.” “These are all Best Common Practices (BCPs); everyone should have deployed them already!” Do not …
Using your Printer Ports to Attack?
Do you have a customer whose printer ports are open and vulnerable and can now be used for DDoS? Is your network’s “Internet Print Protocol” (IPP) port open and ready for exploitation? Last week, the Shadowserver Foundation alerted a “large increase in queries on 631/UDP seen in our sensors due to recent CUPS RCEs disclosure.
Is ASEAN Ready for Serious Cybersecurity?
No, most ASEAN countries are not ready for “serious cybersecurity.” Cybersecurity requires a persistent and consistent rhythm of action that fixes known security risks. Public benefit—non-profit cyber civil defense organizations like the Shadowserver Foundation, CyberGreen, and other organizations deliver actionable cyber-risk reporting as a public benefit. Yes, these reports are free to organizations seeking to …
Healthcare’s Black Basta Bash
If you follow the May 10, 2024, Black Basta “critical action” recommendations, you will most likely be exposed and potentially exploited by the threat actors. Read through the #StopRansomware: Black Basta AA-24-131A and HS-ISAC Black Basta Threat Actor Emerges as a Major Threat to the Healthcare Industry. Then take a step back and mitigate/remediate the …
Cyber Smokejumping
Cyber Smokejumping is a decades-old practice of intentionally investing time with peers to help them overcome cyber risk. Our global, massively interconnected Digital Society requires increased cybersecurity capabilities, capacity, habits, and practices spread worldwide. Putting up cyber walls and layers of defense will not help if other parts of the world are getting infected and
Perhaps it is time to admit that the ladder is on the wrong wall
I’m reading Paul Vixie’s Magical Thinking in Internet Security. I 100% agree with everything Paul is pointing out. We’ve had many conversations about these challenges in the past. But I’m now at a point where I’m looking in the mirror and realizing what we’re doing might be the wrong approach. I’m exasperated at the persistent …
Optimize Shadowserver’s Value – Checklist
Optimize Shadowserver’s value! Stop the Threat Actors! You are at risk if you get any of the +120 daily reports. Most issues are easily fixed. All these reports share details the threat actor can potentially exploit. Take 15 minutes once a quarter to update your contacts, ASNs, IPs, Domain, APIs, and other details. Quarterly Reviews …
Think first – then Act – Apache Struts CVE-2023-50164
The days when the good guys can take a security break during the December Holidays are over. Plan and expect issues that require teams to come in and mitigate/minimize risk to be the “new normal” for the holidays. This year, researcher Steven Seeley discovered a way to abuse the popular Apache Struts frameworks’ file upload …
Thanksgiving Holiday Fun! Five Eyes Warn of LockBit 3.0 Ransomware!
Do you know if your network is vulnerable to the LockBit 3.0 ransomware crew getting into your network via the NetScaler CVE-2023-4966 vulnerability? Boeing – a company with a powerful cybersecurity team – was penetrated by the LockBit crews using CVE-2023-4966. Is this your Thanksgiving holiday fun? For those subscribed to Shadowserver free Cyber Civil Defence reporting, …