Latest News

Email, security, and breaches

Email-based attacks can take many forms, and cybercriminals typically deploy them to extort a ransom or leak sensitive data. Just recently, a banking Trojan named Trickbot targeted Italy, a hotspot for COVID-19 cases, with email spam campaigns. While the subject line echoed everyday concerns and discussed the spread of the virus, the attachment was actually a malicious script.

Profiling "VIP Accounts" Part 1

Detecting malicious activity is rarely easy, but some attacker methods are more challenging to detect than others. One of the most vexing techniques to counter is credential theft. Attackers that gain control over a user account have access to the assets of that user. If the credentials are for an account with special privileges, like a system administrator, then the attacker may be able to gain access to system-wide resources and even be able to change logs to cover their tracks.

How implementing a BYOD initiative helps prepare remote workers for COVID-19 era challenges

As the COVID-19 pandemic continues to force employees to work from home, businesses are facing new and unique challenges to ensure business continuity. When remote work is mandated due to COVID-19, the transition isn’t smooth for many businesses; not every business has the infrastructure to make the abrupt shift, even given the immediate need to go remote.

Cybersecurity use cases for better remote workforce management

In the new normal, if your business has chosen remote operations, this may attract malicious actors. Attackers prey on a remote workforce whose exposure has increased in many ways. While infrastructural concerns, such as working outside the corporate IT network and using home Wi-Fi, are inevitable, other issues, including the use of personal devices and the retention of privileges that grant access to more business resources than required, add to the magnitude of this exposure.

Sumo Logic and NIST team up to secure energy sector IoT

The energy industry used to operate on a simple hub-and-spoke model, in which large power plants would produce energy in a centralized location and distribute it out to consumers. Yet as solar, wind, and other small-scale renewable energy sources take hold in the market, that hub-and-spoke model is being replaced by a complex grid of interconnected devices.

How Identity Management Authentication Works

An organization can run multiple systems, such as Active Directory, SharePoint, Oracle, Outlook, Teams or plain web applications, and hundreds or thousands of employees or external users may need to access them. Managing every user's account and granting appropriate access to each of these systems is called Identity and Access Management (IAM).

Approaching Kubernetes Security - Detecting Kubernetes Scan with Splunk

The Kubernetes framework has become the leading orchestration platform. Originally developed by Google, Kubernetes is a "platform for automating deployment, scaling, and operations of application containers across clusters of hosts". All major cloud platform providers offer Kubernetes as a tool for orchestrating, automating and provisioning applications and purpose-specific compute clusters and services.

SQL Server, Part 3: Adopting the principle of least privilege

In the previous blog in this series, we discussed authentication and authorization mechanisms, and how configuring them properly can help secure your databases. In this blog, we’ll talk about how data breaches can be prevented by implementing the principle of least privilege (POLP). According to Verizon’s 2019 Data Breach Investigations Report, insiders account for 76 percent of all compromised database records.

Security configurations-Part two: 8 imperative security configurations for your arsenal

In part one of this two-part blog series, we discussed seven reasons security configurations are an important part of an organization's security posture. In this part, we'll look at eight security configurations that help ensure comprehensive control over endpoints, avoid vulnerabilities, deploy security configurations, and automate several areas of endpoint security.