RSS_Virtulization

Docker Bench for Security is a simple way of checking for common best practices around your Docker deployments in production. Jack Wallen shows you how to use this tool. Image: Docker One of the biggest issues surrounding container deployments is security. This is such an issue because there are so many moving parts to be checked. You might have your container manifests perfectly secure, but what about your host? Or maybe your host is sound,…

Police in Chicago have arrested a former track and field coach for allegedly soliciting sexually explicit images from female athletes under false pretenses.  Chicago resident Steve Waithe was arrested on April 7 and charged with one count of wire fraud and one count of cyberstalking.  Waithe attended Loch Raven High School, where he was the Maryland State Champion in the triple jump. From 2014–15, the 28-year-old competed on Penn State’s track and field team. Coaching positions at Illinois…

The number of suspicious unemployment-related emails targeting Americans rose by 50% after the third round of stimulus checks was announced in late February, according to new data from Tessian’s threat intelligence team. News of the phishing surge comes after the United States Department of Justice warned that fraudsters are creating websites mimicking unemployment benefit websites, including state workforce agency (SWA) websites, “for the purpose of unlawfully capturing consumers’ personal information.” Threat researchers found that during the week of February 24,…

A new supply chain attack made the headlines, threat actors compromised at least one update server of smartphone maker Gigaset to deliver malware. The German device maker Gigaset was the victim of a supply chain attack, threat actors compromised at least one server of the company to deliver malware. Gigaset AG, formerly known as Siemens Home and Office Communication Devices, is a multinational corporation based Germany. The company is most active in the area of communications…

Jack Wallen shows you how to install and configure FreeRADIUS as a centralized SSH authentication tool. Image: iStock/structuresxx You might have a large number of Linux machines in your data center, most of which are managed by a team of admins. Those admins probably use secure shell to access those servers. Because of that, you might want to use a centralized location to manage the authentication of those admins. For that, you can employ a…

Nearly two-thirds of Americans avoid using websites or accounts for which they have forgotten their password, according to new research published today by LastPass. The password manager and Vault app maker commissioned OnePoll to survey 2,005 Americans about their password habits.  According to LastPass, the results show that the “long-standing trend of poor password behavior persists despite increasing risks online.”  Almost two-thirds (64%) of survey respondents admitted that they would avoid visiting certain websites or accounts where they’ve forgotten their…

– Checkov has been downloaded over 1.2 million times since the project launched in December 2019, and today adds over 200 new policies, making it the most comprehensive open-source IaC scanner available. – Checkov 2.0’s new graph-based framework enables dependency-aware infrastructure as code (IaC) scanning in complex distributed environments. SANTA CLARA, Calif., April 8, 2021 /PRNewswire/ — Palo Alto Networks (NYSE: PANW), today announced the second generation of Checkov, the market-leading static analysis tool for infrastructure as…

A majority of people said they’d avoid using certain websites or accounts where they’ve forgotten their password, says LastPass. Image: designer491, Getty Images/iStockPhoto Passwords are a necessary evil in a world where we have to juggle multiple accounts across an array of websites and services. We’re constantly being told to create a strong, secure and unique password for every account. But putting that advice into practice is problematic for a variety of reasons. A report…