Latest from the Labs
Explore the latest discoveries, deep dives, and technical how-tos from the Mitiga Labs team. Our research is dedicated to informing defenders and disrupting attackers.
10 Recommendations for Your Organization to Increase Readiness Following the Okta Breach
We all woke up recently to a security nightmare. Okta, an industry leader in identity and access management, is potentially breached, and the impact for the industry may be very high. Here are 10 actionable recommendations you can share, but please let us know if you have more so that we can add them to this list.
Ready or Not: Russian Attack on Ukraine Brings Global Cybersecurity Impacts
The Russian military strategy is often described as a strategy of “active defense.” This means that their strategy includes both the preventative measures taken before a conflict breaks out and the tenets for conducting the war.
Here's Why Traditional Incident Response Doesn’t Work in the Cloud
Traditional incident response (IR) learned from on-premises investigations doesn’t work in the cloud. Today's threat actors are finding misconfigurations and vulnerabilities to allow them to penetrate cloud environments.
Understanding Lateral Movement Attacks in Hybrid Environments
Learn how lateral movement attacks pose serious risks in on-prem, cloud, or hybrid environments, and discover effective strategies to mitigate these threats.
The ultimate cybercriminal gift list: undisclosed zero-day vulnerabilities
Over the last few months, everyone has been busy patching, seeking to close the loophole most learned about when a patch was released for Log4j 2.15.0 for Java 8 users to address the remote code execution vulnerability CVE-2021-44228, a previously undisclosed zero-day vulnerability.
Rethinking zero-day vulnerabilities vs. one-days to increase readiness
Because zero-day vulnerabilities are announced before security researchers and software developers have a patch available, zero-day vulnerabilities pose a critical risk to organizations as criminals race to exploit them. Similarly, vulnerable systems are exposed until a patch is issued and applied.
Log4Shell - identify vulnerable external-facing workloads in AWS
Cloud-based systems should be thoroughly searched for the new Log4j vulnerability (CVE-2021-44228). But this is a daunting task, since you need to search each and every compute instance, from the biggest EC2 instance to the smallest Lambda function. This is where Mitiga can help.
Log4j Vulnerability Fix: Comprehensive Log4Shell Resources
Learn about the Log4j vulnerability, including resources, updates, and mitigation steps to protect your systems.
How to NOT pay ransomware and live to tell the tale
Ransomware is out of control. So, what can organizations actually do to deal with this tidal wave of attacks? It’s time for organizations to ask themselves the question, “Are we ransomware ready?” And then think about what ransomware readiness really looks like.