[ News | Newsletters | Blogs | Reddits | Lists | Media | Jobs ] HoneyDB
  [ privacy | malware | research | vendor ]
Impart Security
Test rules even faster with Impart's Rule Test Case Assistant | Impart Security
Test Firewall Rules Instantly with Rule Test Assertions | Impart Security
Impart is now available in the Kong Plugin Hub | Impart Security
Consolidate WAF and API Protection | Impart Security
Stop BOLA exploits in their tracks | Impart Security
Blocking in Production Requires a Modern Security DevEx | Impart Security
Permiso
Permiso Releases Suite of Open-Source Tools to Bolster Detection Capabilities for Past,Present and Future Attacks
INTRODUCING CAPICHE DETECTION FRAMEWORK: AN OPEN-SOURCE TOOL TO SIMPLIFY CLOUD API-BASED HUNTING
BucketShield: Track Log Flow, Secure Buckets, Simulate Threats – All in One Open-Source Tool
Breaking free from the chains of fate - Bypassing AWSCompromisedKeyQuarantineV2 Policy
Introducing SkyScalpel: An Open-Source Tool to Combat Policy Obfuscation in Cloud Environments
Introducing CloudTail: An Open-Source Tool for Long-term Cloud Log Retention and Searchability
Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large
Survey Reveals Gaping Disconnect Between Existing Security Controls and the Identity Security Threat Reality
Product Update: IP and Code Threat Detection Now Available for GitHub and Atlassian’s Suite of Products, Including Confluence and Jira
When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
Trend Micro Research, News, Perspectives
Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
5 AI Security Takeaways featuring Forrester
Trend Micro and Japanese Partners Reveal Hidden Connections Among SEO Malware Operations
Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations
SOC Around the Clock: World Tour Survey Findings
AI Pulse: Election Deepfakes, Disasters, Scams & more
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
Unmasking Prometei: A Deep Dive Into Our MXDR Findings
Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach
Digtial Shadows
Latest Report Findings: Retail Trade Faces 111% Jump in Ransomware
The Road Ahead: 2025 Cybersecurity Predictions
Report Shows Ransomware Has Grown 41% for Construction Industry
Agentic AI for SecOps: More Than Just Another Chatbot
The Credential Abuse Cycle: Theft, Trade, and Exploitation
Announcing the GreyMatter Notification Center
5 Critical Threat Actors You Need to Know About
Agentic AI: A New Way to Accelerate Your Security Operations
ReliaQuest Uncovers New Black Basta Social Engineering Technique
Scattered Spider x RansomHub: A New Partnership
Security Operations - Sophos
Sophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater”
VEEAM exploit seen used again with a new ransomware: “Frag”
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign
Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats
From the frontlines: Our CISO’s view of Pacific Rim
Pacific Rim: What’s it to you?
Pacific Rim: Learning to eat soup with a knife
Digital Detritus: The engine of Pacific Rim and a call to the industry for action
Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns
Crimson Palace returns: New Tools, Tactics, and Targets 
Sumo Logic
Threat intelligence feeds: essential arsenal in cybersecurity
Observability 2.0: Don’t repeat sins of the past
Reduce alert noise, automate incident response and keep coding with AI-driven alerting
Differentiating Sumo Logic Mo Copilot using Amazon Bedrock
From stateful to stateless: Sumo Logic’s transition from Lucene to Parquet-based architecture
Asia-based SMBs: leverage logs to enhance cloud security and scale your operations
Stronger together: Sumo Logic and AWS partnership expands with five new competencies
Managed security service providers should stay skeptical
The new era of observability: Why logs matter more than ever
Being forced to migrate from IBM QRadar to PAN XSIAM? Know the pitfalls
Qualys Security Labs
Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart
Best Practices for Cloud Compliance
Microsoft and Adobe Patch Tuesday, November 2024 Security Update Review
Elevate Your Container Security with QScanner in 2025
Qualys Web Application Scanning (WAS) Recognized as a Leader in 2024 GigaOm Radar Report for Application Security Testing (AST)
Announcing TotalCloud Attack Path, Cloud Workflow Automation, and 3-Step Simplified User Onboarding for Qualys TotalCloud CNAPP
Qualys VMDR & Core Apps Revamped: Ultimate Cyber Defense Partnership for Streamlined Vulnerability Management with ITSM 
Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA
Oracle Critical Patch Update, October 2024 Security Update Review
The Spanish National Security Framework (ENS) is Now Part of the Qualys Enterprise TruRisk™ Platform
SecurityTrails
Sekoia.io
Helldown Ransomware: an overview of this emerging threat
A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats
ClickFix tactic: Revenge of detection
ClickFix tactic: The Phantom Meet
Mastering SOC complexity: Optimizing access management with Sekoia Defend
Mamba 2FA: A new contender in the AiTM phishing ecosystem
Getting started with Detection-as-Code and Sekoia Platform
Hunting for IoCs: from singles searches to an automated and repeatable process
Bulbature, beneath the waves of GobRAT
Why it’s time to replace your legacy SIEM with a SOC platform
Talos
Malicious QR Codes: How big of a problem is it, really?
New PXA Stealer targets government and education sectors for sensitive information
November Patch Tuesday release contains three critical remote code execution vulnerabilities
Unwrapping the emerging Interlock ransomware attack
NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities
Threat actors use copyright infringement phishing lure to deploy infostealers
Writing a BugSleep C2 server and detecting its traffic with Snort
How LLMs could help defenders write better and faster detection
Talos IR trends Q3 2024: Identity-based operations loom large
Threat Spotlight: WarmCookie/BadSpace
CloudFlare
Bigger and badder: how DDoS attack sizes have evolved over the last decade
Resilient Internet connectivity in Europe mitigates impact from multiple cable cuts
DO it again: how we used Durable Objects to add WebSockets support and authentication to AI Gateway
What’s new in Cloudflare: Account Owned Tokens and Zaraz Automated Actions
How we prevent conflicts in authoritative DNS configuration using formal verification
A look at the latest post-quantum signature standardization candidates
Exploring Internet traffic shifts and cyber attacks during the 2024 US election
Moving Baselime from AWS to Cloudflare: simpler architecture, improved performance, over 80% lower cloud costs
Workers Builds: integrated CI/CD built on the Workers platform
Cloudflare’s perspective of the October 30 OVHcloud outage
Tenable Network Security
Volt Typhoon: What State and Local Government Officials Need to Know
Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors
CVE-2024-0012, CVE-2024-9474: Zero-Day Vulnerabilities in Palo Alto PAN-OS Exploited In The Wild
New AWS Control Policy on the Block
The Dark Side of Domain-Specific Languages: Uncovering New Attack Techniques in OPA and Terraform
Cybersecurity Snapshot: Five Eyes Rank 2023’s Most Frequently Exploited CVEs, While CSA Publishes Framework for AI System Audits
Who’s Afraid of a Toxic Cloud Trilogy?
Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)
Cybersecurity Snapshot: CISA Warns of Global Spear-Phishing Threat, While OWASP Releases AI Security Resources
Context Is King: From Vulnerability Management to Exposure Management
AquaSec
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
New Aqua User Experience: Streamlined Vulnerability Management
Enhancing UK Cybersecurity and Resilience: Impact of the New National Bill
5 Must-See Sessions at KubeCon North America
Threat Alert: TeamTNT’s Docker Gatling Gun Campaign
AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
Building Success Together: Driving Customer Satisfaction and Growth
Walk the Line: High-Fidelity Incident Detection Without Disruption
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
CUPS: A Critical 9.9 Linux Vulnerability Reviewed
Kolide
How Commonlit Balances Student Security and Employee Privacy
Watershed Thinks Big to Keep a Small Team Secure
How Clio Practices Security With a Culture of Trust
For Databricks, Zero Trust Means Putting End Users First
Cloud Security Partners
Software Bill of Materials: Understanding What You’re Actually Running
Preventing Overreliance: Proper Ways to Use LLMs
Ignore Previous Instruction: The Persistent Challenge of Prompt Injection in Language Models
Introduction to LLM Security
The Security Benefits of Infrastructure as Code
Don't let your containers escape! Update runc & Docker Now!
Upcoming Events at CSP!
OIDC for GitHub Actions
Our Support For Cloudsplaining
Gen AI Security: An Introduction and Resource Guide
© 2024 RiskDiscovery | Sponsored by: Deception Logic