IT professionals concerned over the security of Kubernetes
New research has revealed that more than half of IT professionals have concerns over the security of Kubernetes. Read more
It’s a decision tree that’s all about you (and your company). That’s a bit of an oversimplification, but the idea behind a Stakeholder-Specific Vulnerability Categorization (SSVC) is that you should prioritize addressing your vulnerabilities in a way that benefits you and your organization. Once you’ve prioritized, there are things you can do to mitigate the …
What is Stakeholder-Specific Vulnerability Categorization? Read More »
At this point, multicloud networks are the default. Estimates of multicloud adoption in the enterprise range from 80% to 92%, which means from “most people” to “almost everyone.” And yet organizations continue to struggle with correctly configuring multicloud environments. In a recent study, Aqua Security found that 82% of companies left their cloud storage open …
Skyhawk Security Launches Multicloud Runtime Threat Detection and Response Platform Read More »
January 24, 2023: This post was republished to update the code, architecture, and narrative. September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. In this post, we’ll show you how to deploy a solution in your Amazon Web Services (AWS) account that will provide a fully automated dashboard for …
Deploy a dashboard for AWS WAF with minimal effort Read More »
Top 7 Cyber Certifications Ranked by Average Earning Potential in 2023 – CyberExperts.com Cybersecurity is a rapidly growing field, with the need for qualified professionals to protect against cyber-attacks and data breaches increasing every day. One way to demonstrate your qualifications and skills in the field is by earning a cybersecurity certification. Earning a certification …
Top 7 Cyber Certifications Ranked by Average Earning Potential in 2023 Read More »
When you buy a new house, your mortgage lender wants to know that you have homeowner’s insurance in case of any damage. Your homeowner’s policy is there to protect you when you have a water incident, a small fire, or any other catastrophe that can cost big money. When your company deals with data from …
How The Right GRC Program Can Help You Get Cyber Insurance Read More »
Originally published by Tigera. Written by Senthil Nithiyananthan, Tigera. As organizations transition from monolithic services in traditional data centers to microservices architecture in a public cloud, security becomes a bottleneck and causes delays in achieving business goals. Traditional security paradigms based on perimeter-driven firewalls do not scale for communication between workloads within the cluster and …
Originally published by Mitiga. Written by Doron Karmi, Deror Czudnowski, Ariel Szarf, and Or Aspir, Mitiga. On January 4, CircleCI published a statement announcing the investigation of a security incident. In this technical blog, we will share how to hunt for malicious behavior that may be caused by this incident and affect not only your …
Economic instability and uncertainty are the leading causes for technology budget decreases, according to the IDG/Foundry 2022 annual State of the CIO survey. Despite a desire to cut budgets, data remains the key factor to a business succeeding – especially during economic uncertainty. According to the Harvard Business Review, data-driven companies have better financial performance, are more likely to survive, and …
Modernize Your Data Stack to Thrive in Uncertain Times Read More »
Hey there, I hope you’ve been doing well! The Economy 😅 Oof, a number of companies are continuing to lay off significant numbers of people. My thoughts are with everyone who has been affected. Keep your head up, you’re going to land on your feet somewhere awesome, I believe in you. I’m going to update …
In 2021, we published an entry identifying the weak parts of the supply chain security. In the face of the surge in documented attacks, the entry gave a summarized overview of how malicious actors found gaps to abuse and take advantage of for possible gains and disruptions. In this entry, we focus on one specific …
Each year, NAVEX publishes the Top 10 Trends in Risk and Compliance. This publication features trends and predictions for the year to come and features contributions from experts in the industry. In this article, we discuss trends in transposition and adoption for the EU Whistleblowing Directive. Read more
Dependency Mapping for DevSecOps. Today, DevOps teams use a staggering array of interconnected applications and infrastructure systems to build their continuous integration and continuous deployment (CI/CD) pipelines. These components are called dependencies because they depend on each other to enhance the functionality of an application. While dependencies shorten the release cycle and simplify developers’ lives, …
GoTo, a company that provides software, said on Monday, January 23, that a hacker had stolen encrypted backups for its Central, Pro, Join.me, and Hamachi services. RemotelyAnywhere was also affected. Worse still, the business discovered evidence that the attacker stole an encryption key for a portion of the encrypted backups. This makes the …
Originally published by Ermetic. As user credentials become a coveted target for attackers, IAM (Identity Access Management) technologies are gaining popularity among enterprises. IAM tools are used in part to implement identity-based access security practices in the cloud. But is IAM security enough to adequately protect cloud identities and resources? In this blog post we …
Your Guide to IAM – and IAM Security in the Cloud Read More »
Threat Hunting in the Shadows. Protection First; Not Detection. Preventing file-less attacks & unknown malware from wreaking havoc on your organization can be a daunting task, especially if you lack visibility to detect it. It’s critical to proactively hunt for this activity and ensure you’re collecting the right telemetry across your network & endpoints. Anti-virus …
Threat Hunting In The Shadows Protection – Free Webinar Read More »
Lawsuits: Hospital Chain Failed to Protect Data in Ransomware Compromise. Marianne Kolbasuk McGee (HealthInfoSec) • January 24, 2023. CommonSpirit negligently failed to protect sensitive health information, resulting in a data compromise affecting more than 623,000 patients – and perhaps many more, allege plaintiffs in two proposed federal class action lawsuits filed in the …
CommonSpirit Facing 2 Proposed Class Actions Post-Breach Read More »
A critical vulnerability in the VMware vRealize Log Insight appliance can allow an unauthenticated attacker to take full control of a target system. VMware addressed multiple vulnerabilities, tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, and CVE-2022-31711, in its vRealize Log Insight appliance. vRealize Log Insight is a log collection and analytics virtual appliance that enables administrators to collect, view, …
VMware warns of critical code execution bugs in vRealize Log Insight Read More »
Paul’s Security Weekly: BSW #291 – Doug Hubbard. Tue, 24 Jan 2023 23:20:12 +0000 (01:16:01). Read more
Editor’s note: The author participated in a panel discussion at the World Economic Forum titled “Ransomware: To Pay or Not to Pay” on January 19, 2023. While much of the press on the 2023 World Economic Forum in Davos, Switzerland, focused on international strife, on the ground it was a significantly more economic affair. Certainly, many …
View from Davos: The Changing Economics of Cybercrime Read More »
Running off the momentum of its recent Half-Life 2: VR Mod beta release, SourceVR Mod Team revealed that it already has Half-Life 2: Episode One in working order. The fan-developed mod should launch sometime in Q1 2023, although the team didn’t indicate whether it would be a beta or fully complete. Read more
vRealize Log Insight is a log collecting and analytics virtual appliance that gives administrators the ability to collect, display, manage, and analyze syslog data. Log Insight was developed by Logrotate. Application logs, network traces, configuration files, messages, and performance statistics can all be monitored in real time using Log Insight. It has been purpose-built …
4 important vulnerabilities patched in VMware vRealize Log Insight Read More »
Too Long; Didn’t Read: Small to medium-sized businesses (SMBs) are starting to improve their security postures. By 2025, cybersecurity spending by SMBs is projected to hit $90 billion. Hiring a full-time chief information security officer (CISO) is still a luxury many SMBs cannot afford. Read …
How CISOs Can Help SMBs Minimize Risks from Zero-Day Exploits Read More »
Every so often attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often related to redirecting legitimate website traffic to third party sites of their choosing — including tech support scams, adult dating, phishing, or drive-by-downloads. Since late December, our team has been …
Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network Read More »
Sandfly 4.3.0 features an external credential provider interface. Using our new integration you can get Sandfly to work with an external key vault such as Cyberark, Thycotic, Hashicorp and more. We… Read more
By Allison Grande (January 24, 2023, 10:23 PM EST) — Walmart is breaking a recent pledge to comply with children’s privacy rules by failing to make clear that a new immersive experience it rolled out on Roblox is an ad and not a game, a coalition of consumer groups argues in urging an advertising industry …
Walmart’s Roblox ‘Advergame’ Deceives Kids, Watchdog Told Read More »
When armies of Taylor Swift fans in November were locked out of being able to purchase tickets for her upcoming The Eras tour, the so-called “Swifties” demanded answers. And the Senate agreed. This week, Ticketmaster testified in Senate Judiciary Committee hearings that it’s not the company’s monopoly on the live music market that caused the Swifty …
Ticketmaster Blames Bots in Taylor Swift ‘Eras’ Tour Debacle Read More »
For the first time, the federal government will use a formal framework to ensure improved data collection to better serve U.S. LGBTQI+ communities. The Biden-Harris administration released its Federal Evidence Agenda on Lesbian, Gay, Bisexual, Transgender, Queer and Intersex (LGBTQI+) Equity roadmap on Tuesday afternoon to help federal agencies collect accurate data and evidence reflecting the …
Biden-Harris Administration Unveils Better Data Collection Plans for LGBTQI+ Community Read More »
Intel’s entrance into the arena of dedicated graphics cards reveals some surprising observations regarding the size of GPU drivers. Compared with its competitors, Intel’s software is way overweight. Read more