The latest security technology and best practices to secure software applications, vulnerabilities and code.
Many of the basic principles for securing a data lake will be familiar to anyone who has secured a cloud security storage container. Of course, since most commercial data lakes build off of existing cloud infrastructure, this should be the case. However, data lakes add additional elements such as data feeds, data analysis (data lake…
Even the most advanced and sophisticated security tools are failing to protect against ransomware and data exfiltration, according to a new report from data encryption vendor Titaniam. The State of Data Exfiltration and Extortion report says that despite heavy investments, more than half of organizations that experienced ransomware attacks ended up paying the ransom. The…
A presidential executive order mandating a zero trust strategy for federal agencies has raised the profile of the cybersecurity technology and prompted many non-government IT security managers to consider how they might adopt the three zero trust principles: “All entities are untrusted by default; least privilege access is enforced; and comprehensive security monitoring is implemented.”…
MITRE has released its latest list of the top 25 most exploited vulnerabilities and exposures found in software. The MITRE CWE list is different from the product-specific CVE lists from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other agencies and instead focuses on more generic software development weaknesses, similar to the OWASP list…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is recommending that government agencies and private organizations that use Microsoft’s Exchange cloud email platform migrate users and applications to Modern Auth before Basic Auth is deprecated in October. CISA noted that Basic authentication is simple and pretty convenient but unsecured by design. It’s relatively easy for…
Cybersecurity researchers have found more than 900,000 instances of Kubernetes consoles exposed on the internet. Cyble researchers detected misconfigured Kubernetes instances that could expose hundreds of thousands of organizations. The researchers found a number of indicators of exposure in the open source container orchestration platform: KubernetesDashboard Kubernetes-master Kubernetes Kube K8 Favicon:2130463260, -1203021870 The threat-hunting exercise…
PowerShell is one of the most common tools used by hackers in “living off the land” attacks, when malicious actors use an organization’s own tools against itself. This week, U.S. cybersecurity agencies joined their counterparts in the UK and New Zealand to offer guidance so organizations can use PowerShell safely. PowerShell is a command line…
In a sequence that suggests cloud services may be more vulnerable than many think, Proofpoint researchers have demonstrated how hackers could take over Microsoft 365 accounts to ransom files stored on SharePoint and OneDrive. Microsoft services are widely used in enterprises for cloud-based collaboration, and the Proofpoint research report revealed that cloud infrastructures are not…
Software supply chain attacks present an increasingly worrying threat. According to a recent BlueVoyant study, an impressive 97 percent of companies surveyed have been negatively impacted by a security breach in their supply chain, and 38 percent said they have no way of knowing about any potential issues with a third-party supplier’s cybersecurity. Ankur Shah,…
More than 3.6 million MySQL servers are publicly exposed on the internet, security researchers noted this week. Shadow Server Foundation researchers reported that they simply issued a MySQL connection request on default port 3306 to see if a server responded with a MySQL Server Greeting, rather than intrusive requests that pentesters use to break into…