Keep Your IAM Users Close, Keep Your Third Parties Even Closer
Technical and legal controls that you take for granted when managing cybersecurity policy within your organization are usually out of reach when a third party is compromised.
Auditing iam:PassRole: A Problematic Privilege Escalation Permission
How to determine which identities need iam:PassRole to help enforce “use it or lose it” least privilege.
Cloud infrastructure is not immune from the SolarWinds Orion breach
Organizations exposed to the SolarWinds breach must identify exposed credentials and rotate them asap.
The AWS Managed Policies Trap
These policies are simultaneously appealing and dangerous. Here’s how to use automated analysis of environment configuration and activity logs to avoid getting caught in the trap.
Who Holds the Keys to the Kingdom?
Take a closer look at sensitive AWS Resources:secret strings and keys used in AWS, learn about the Resources and access control mechanisms relevant to them, delve into the challenges of tracking the permissions granted to them, and see ways in which automating analysis of environment configuration…
CVE-2020-14882: Oracle WebLogic のリモートコード実行脆弱性を利用した攻撃が確認される
A remote code execution vulnerability in Oracle WebLogic Server has been actively exploited in the wild just one week after a patch was released and one day after a proof of concept was published.Update October 30, 2020: The solutions section has been updated to reflect the disclosure of a…
AWS Identity Federation and Least Privilege – Friends or Foes?
Learn how to address the challenges in basic and advanced implementations of AWS federation.
CodeMeter に発見された複数の脆弱性が産業制御システムを攻撃にさらしている
Six vulnerabilities in a popular license management product put industrial control systems at risk for remote attacks. Background On September 8, researchers at Claroty published their detailed analysis, dubbed “License to Kill,” covering several vulnerabilities they discovered in CodeMeter…
オリジン間リソース共有における脆弱性
To avoid exposure to a variety of web application vulnerabilities, specific security considerations must be made when implementing Cross-Origin Resource SharingToday’s modern web applications rely heavily on JavaScript to be dynamic, and ensure the best experience for end-users. Providing content…
Protect Applications and Data with Cloud Infrastructure Entitlements Management (CIEM)
Breaking down the hype around cloud infrastructure entitlements management.
新型コロナウイルス感染症(COVID-19)に便乗した Venmo、PayPal、Cash AppCVE を利用するプレゼント詐欺
The economic impact of COVID-19, which is causing record unemployment, creates a golden opportunity for scammers looking to target vulnerable people desperate for cash to help pay their bills.As Cash App steps up the frequency of its giveaways, and celebrities and other notable figures launch…
「VPR」とは何か。「CVSS」とはどう違うのか。
このブログシリーズでは、さまざまな観点からVPR(脆弱性の優先度評価)について詳しく説明します。Part one will focus on the distinguishing characteristics of VPR that make it a more suitable tool for prioritizing remediation efforts than the Common Vulnerability…
営業チームに問い合わせる