Although the attack scan traffic into the United States is in line with the proportion of the assigned IP addresses, most of the other countries are not. The extreme outlier that stands out is Malaysia, rising to second place in Q3 2021. Examining Attacks on Malaysia from China Since this is so unusual, we examined…

Read More

Introduction gRPC (gRPC Remote Procedure Call) is a protocol that is gaining a lot of traction in the microservices world and is becoming a popular alternative for developers to use instead of REST (representational state transfer). Many organizations are trying to adopt gRPC, and technology blog sites are abuzz with chatter about choosing between REST…

Read More

Vulnerabilities New and Old Particularly avid readers, or perhaps just readers with a magnifying glass, will note that there are six-and-a-half new vulnerabilities in Figure 3 compared with our November SIS. We say a half-new vulnerability because one of the new ones is indistinguishable from an existing signature. While tuning the pattern for CVE-2022-41040, a…

Read More

During these unprecedented times, legacy banks and financial services institutions (FSIs) face unique operational challenges. Many of them have to rapidly expand their digital service offerings in order to navigate economic disruptions. In fact, banks in Asia Pacific (APAC) are rethinking processes and digitalizing processes, with 70 percent are adopting real-time payments by 2022 according…

Read More

You may have heard about the log4j security vulnerability — one of the most widespread cybersecurity vulnerabilities in recent years. Here’s a non-technical explanation of it: What is it? It’s a vulnerability that was discovered in a piece of free, open source software called log4j. This software is used by thousands of websites and applications,…

Read More

Apply appropriate updates provided by Google to vulnerable systems immediately after appropriate testing. (M1051: Update Software) Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard. Safeguard 7.4: Perform…

Read More

Part 2 of CRN’s Big Data 100 takes a look at the vendors solution providers should know in the database systems space. Running The Bases By 2025 the total amount of digital data generated, gathered, copied and consumed is expected to be in the range of 175 to 180 zettabytes. And more of that data…

Read More

‘We have our MSP practice, our security department and we’re creating a third department that’s comprised of content coming out of our project department that’s going to be our automation and AI division. We’re going to automate and use AI internally as well as RPA to streamline our practices within the IT business,’ says Timothy…

Read More

The best practice document from Internet Engineering Task Force (IETF) recommends the use of an external user agent (such as a browser) to complete the flow in authorization flow code grant. When a native app wants to access private information, it needs to first get an authorization code. The native app starts its authorization request…

Read More

Phishing is not the only method that attackers used against cryptocurrency exchanges and wallets. As noted in the 2021 TLS Telemetry report, malicious Tor exit nodes were also used to strip SSL/TLS connections, which allowed attackers to harvest credentials to cryptocurrency exchanges. Investigating Attacker Methods Threat actors frequently refine their techniques to improve the success…

Read More