/Security

A Few Thoughts About Uber's Breach

tl;dr: "Allegedly, an 18 year old spammed an employee with 2FA via push notifications on an employee with a known password. They got into the VPN and scanned for servers, found a file share without any access controls, and a script that could access break-the-glass credentials. With the highest level of credentials available, they then got effective root access to Slack, AWS, Google Suite, and active directory at Uber."

featured in #353


Compliance Simplified: Demystifying Risk Assessment

tl;dr: An information security ("InfoSec") risk assessment is not only a security best practice but also necessary to meet the requirements of the ISO 27001, SOC 2, PCI DSS, and HIPAA compliance standards. Learn more from cybersecurity and data privacy expert Matt Cooper in this short video!

featured in #352


The SOC 2 Compliance Checklist

tl;dr: Ready to simplify the time-consuming, tedious process of proving compliance — starting with industry fave SOC 2? Here’s a free SOC 2 compliance checklist from Vanta, the leading automated security and compliance platform. Attend a demo, and lunch is on Vanta.

featured in #350


Why Automation Is Crucial For Security And Compliance

tl;dr: "Good security not only minimizes downside, but also enables faster growth. Learn how an automated security and compliance platform improves security posture, stands up to security audits, and can get you compliant in just weeks."

featured in #347


How To Prevent Secrets From Ending Up On Developer's Machines

- Ryan Blunden tl;dr: Even with environment variable storage offered by modern hosting platforms and secrets managers provided by every cloud, developers' machines are still littered with secrets in unencrypted text files because local development was left out of the picture. Learn how to prevent secrets from ending up on developers' machines.

featured in #345


Understanding The Value Of SOC 2 Compliance For Your Company

tl;dr: Being asked to prove your company’s security is a common blocker in getting your sales deals moving. But with the right perspective, this obstacle can be turned into a competitive advantage. Read the blog to learn more!

featured in #344


How To Access Infrastructure Without Usernames And Passwords

- Ev Kontsevoy tl;dr: Eliminate passwords and other static credentials like SSH keys from your infrastructure, making it more secure, scalable, and easier to use. Stolen credentials are the #1 cause of data breaches — open-source Teleport makes it easy to ditch secrets and embrace identity. Learn more.

featured in #343


How Engineers Can Tackle Data Privacy And Security

tl;dr: What can engineers do to stay on top of privacy? Most startups are not going to have a dedicated in-house privacy expert at their disposal. Learn how engineers can stay secure while growing a team and a product in Vanta’s recent blog.

featured in #342


How To Access Infrastructure Without Usernames And Passwords

- Ev Kontsevoy tl;dr: Teleport 10 introduces Passwordless Access. Eliminate passwords and other static credentials like SSH keys from your infrastructure, making it more secure, scalable, and easier to use. Stolen credentials are the #1 cause of data breaches — Teleport 10 makes it easy to ditch the secrets and embrace identity. Learn more.

featured in #338


How To Prevent Secrets From Ending Up On Developer's Machines

- Ryan Blunden tl;dr: Even with environment variable storage offered by modern hosting platforms and secrets managers provided by every cloud, developers' machines are still littered with secrets in unencrypted text files because local development was left out of the picture. Learn how to prevent secrets from ending up on developers' machines.

featured in #336