SecurityTrails Blog

Infrastructure as Code: Is It as Secure as It Seems?.
SecurityTrails Blog · Dec 30 2020 · by Esteban Borges

Infrastructure as Code: Is It as Secure as It Seems?

Alongside the rise of public clouds, managing the infrastructure of private clouds has never been easier. Tools like Terraform are available, but increasing dependence on them means it’s necessary to understand the security implications they present. After all, your entire infrastructure is dependent on, and accessible through, such a configuration—it’s essentially infrastructure as code, or “IAC”, passed through a tool like Terraform.

Attack Surface Management: You Can't Secure What You Can't See.
SecurityTrails Blog · Dec 29 2020 · by Sara Jelen

Attack Surface Management: You Can’t Secure What You Can’t See

A report from 2016 predicted that 30% of all data breaches by 2020 will be the result of shadow IT resources: systems, devices, software, apps and services that aren’t approved, and in use without the organization’s security team’s knowledge. But shadow IT isn’t the only area where security and IT teams face issues with tracking and visibility.

JARM: A Solid Fingerprinting Tool for Detecting Malicious Servers.
SecurityTrails Blog · Dec 23 2020 · by Gianni Perez

JARM: A Solid Fingerprinting Tool for Detecting Malicious Servers

The literature on defensive security unanimously recognizes one fact: every so often, a tool comes out that provides blue teamers with an important advantage over their adversaries. This ever-elusive quest features essential requirements and commonalities, such as the ability to proactively seek and detect malicious hosts, or the capacity to swiftly respond to targeted network threats. And with a sharp rise in the number of incidents involving some form of malware or command and control (C2) activity resulting in data theft, vendors are in a tight race to gain their customers’ trust—by leveraging newer alternatives to legacy solutions amidst shrinking budgets.

Iran, the IRGC and Fake News Websites.
SecurityTrails Blog · Dec 17 2020 · by SecurityTrails Team

Iran, the IRGC and Fake News Websites

Recently, the Department of Justice made two public announcements about shutting down fake news websites created by Iran’s Islamic Revolutionary Guard Corps (IRGC). In the first instance, 92 domains were seized in August 2020. And according to the second announcement, 27 more domains were seized as part of the same effort to spread global disinformation.

Making Cybersecurity Accessible with Scott Helme.
SecurityTrails Blog · Dec 15 2020 · by Sara Jelen

Making Cybersecurity Accessible with Scott Helme

Global connectivity benefits our world in numerous ways, however, that same connectivity also poses a potential cyberthreat that is often overlooked. There is no easy solution for combating the rising threats in our hyperconnected world. Now more than ever, cybersecurity is imperative for both businesses, governments and educational institutions, and individuals and families. For cybersecurity to effectively slow down the rising cyber threats and attacks, everyone needs to be part of the solution.

5 AWS Misconfigurations That May Be Increasing Your Attack Surface.
SecurityTrails Blog · Dec 10 2020 · by Gianni Perez

5 AWS Misconfigurations That May Be Increasing Your Attack Surface

Not all data breaches are created equal. While many remain the product of technical prowess so often associated with malicious actors, a burgeoning amount can be attributed to security misconfigurations and overly-permissive entitlements plaguing cloud ecosystems around the globe. Close to 70 percent in fact, according to a survey conducted by Ermetic, an identity and data protection firm.