Author: Admin

Everyone is talking about the need to “shift-left”, but it is not always clear what the implications are for infrastructure platform teams. This post looks at why enabling developers with management and operational capabilities is the next big shift that platform teams should embrace.   There are many stages in the life of an application that are typically disconnected from the rest of the software development lifecycle, a long-accepted fact of IT life that the…

Today’s VERT Alert addresses Microsoft’s May 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-943 on Wednesday, May 12th. In-The-Wild & Disclosed CVEs CVE-2021-31204 Up first in the list this month, we have a vulnerability that impacts .NET and Visual Studio and could allow a successful attacker to elevate their permissions. We see patches for Microsoft Visual Studio 2019 for Windows and macOS as well as .NET…

The state with the highest identity theft rate in the country may have been impacted by a Department of Labor data breach. According to new data released by the Federal Trade Commission (FTC), the reported rate of identity theft in Kansas in 2020 was higher than that of any other state and more than three times greater than the national average.  Last year, 43,211 Kansans informed the FTC that someone had stolen or attempted to…

  It has been more than a year since the outbreak of the COVID-19 global pandemic which has had a significant impact on health, lifestyles, and the way business is done. In the world of payments, many businesses have had to reinvent themselves and adapt to remote transactions and the world of e-commerce (in many cases on the cloud). On this blog, we discuss the challenges of e-commerce on payment security in Brazil with Carlos…

In line with our promise last year to continue publishing incident reviews for Docker Hub, we have two to discuss from April. While many users were unaffected, it is important for us to be transparent with our community, and we hope it is both informative and instructive. April 3rd 2021 Starting at about 07:30 UTC, a small proportion of registry requests (under 3%) against Docker Hub began failing. Initial investigation pointed towards several causes, including…

Though it likes to promote itself as being “philanthropic,” the DarkSide gang represents a dangerous threat to organizations around the world. The ransomware group that attacked Colonial Pipeline has in the past tried to donate some of its profits to charity in a twisted take on the tale of Robin Hood. But the gang known as DarkSide is appropriately named as it has proven it won’t hesitate to target vulnerable victims to make a buck….

The cloud has played a critical role for organizations forced to adapt to the realities of the past year. Navigating this shift successfully requires empowering your teams to leverage the cloud in a way that makes your organization more resilient, efficient, and innovative under any circumstances. CloudLIVE 2021 is an event designed to help you do just that. The industry-leading multi-cloud management conference will bring the global cloud community together to share lessons learned and…

A German privacy watchdog has banned social media company Facebook from harvesting data on WhatsApp users.  Hamburg’s data protection commissioner said that WhatsApp’s privacy policy was in breach of European data protection rules following a recent change.  WhatsApp, which was bought by Facebook in 2014, has more than 2 billion monthly users. In January 2021, the app asked its users to grant WhatsApp additional powers to share their data with its parent company, Facebook.  Users have been given until…

This latest attack also steals credentials from Telegram, Discord and Steam, according to a Trend Micro analysis. Image: iStockPhoto/danijelala Bad actors put a new twist on an existing piece of malware to steal private keys for cryptocurrency accounts and other account credentials, according to analysis from Trend Micro. The entry point is a spam email that contains a request for a quote for business services and malicious Excel files. Panda Stealer uses a fileless approach…