Cryptomining Overview for DevOps

What is cryptomining? Malicious cryptomining, or cryptocurrency mining, is when cybercriminals exploit unpatched vulnerabilities, weak credentials, or misconfigurations to enter systems and use their computing power to generate cryptocurrency. DevOps and cryptomining: While ransomware seems to be the hot topic, cryptomining is still a cyberattack with dire consequences. Remember Apache Log4j (Log4Shell)—to be honest, who can forget? This critical vulnerability was mostly observed in the wild in cryptomining attacks. Think of the uptick in cryptomining like…

Secure application development for the cloud best practices

Why follow best practices? Understanding and following best practices for building in the cloud on Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform™, Kubernetes, containers, and applications will enable you to get the most out of your toolkit. This includes more security as you build, more proficiency with the tools and services you use, better structure, a faster environment, a reliable system that withstands outages, and a more cost-effective solution…

Cybersecurity Basics: Authentication and Authorization

What is identity and access management? Identity and access management (IAM) ensures the right people in the right job roles can access the tools, systems, and services absolutely necessary to do their jobs. It is part of the foundation of a strong zero trust approach that answers two fundamental questions you should be asking about every solution you build: who is that, and what have we allowed them to do? The “Who”: Determining who you…

Why the Mitre Engenuity ATT&CK Evaluations Matter for CISOs

This year’s MITRE Engenuity™ ATT&CK Evaluation simulates techniques associated with notorious threat groups Wizard Spider and Sandworm to test solutions’ ability to detect and stop APT and Targeted Attacks. By: Trend Micro, April 08, 2022. As the cyber attack surface continues to rapidly expand, enterprises need a security solution that can help organizations to better understand, communicate, and mitigate cyber risk across…

How to Optimize Your Lambda Code

This code worked well in our tests and was approved in the code review process. It returns True when there are two files with the right prefixes, and it returns False when there aren’t. Simple enough. That wasn’t what happened in real life, however. It would still work in the scenario where the right files are there, but it would, only sometimes, return True when just one of the files was there. And this was…

5 Zero Trust Security Model DevOps Integrations

Five key pillars of zero trust: A zero trust security approach can be broken down into five distinct pillars: device trust, user trust, transport/session trust, application trust, and data trust. To efficiently coordinate the security of each pillar, consider leveraging a cybersecurity platform that gives you visibility into your entire IT infrastructure, with access to security automation tools, customizable APIs, and a broad set of third-party integrations. 1. Device trust: The number of devices…

How CISOs can Mitigate Cryptomining Malware

Learn more about cloud-based cryptomining, its repercussions, and how CISOs can create an effective risk mitigation strategy for this threat. By: Jon Clay, March 29, 2022. As cryptocurrencies continue to grow in popularity, organizations are increasingly at risk for cryptomining attacks. In fact, Apache Log4j (Log4Shell)—the holiday gift no one asked for—was observed to be mostly used for cryptomining and ransomware by cybercriminals…

Terraform Tutorial: Drift Detection Strategies

A common misconception among DevOps teams using infrastructure as code (IaC) tools is that the templates they use to run their deployments are infallible sources of truth. Instead, a fundamental challenge of architectures built using tools like Terraform is configuration drift. This occurs when the actual state of your infrastructure begins to accumulate changes and deviates from the configurations defined in your code. Configuration drift can occur for many reasons, regardless of how good your…

Threat Intelligence: Cyber Risk Management Strategies

4. Old vulnerabilities remain relevant: While Apache Log4Shell (Log4j) was arguably the most prominent zero-day vulnerability of 2021, older flaws remained relevant and effective as well. Data from Trend Micro™ TippingPoint™ shows that the greatest number of detections (75 million) this year were of CVE-2019-1225, a memory disclosure flaw in Microsoft’s Remote Desktop Services (RDS) discovered in August 2019. Explaining cyber risk to the board: As the digital attack surface expands due to the accelerated…

5 Frequent Cybersecurity Software Vulnerabilities & Indicators

Vulnerabilities in software and infrastructure are a fact of life for developers and SREs, but that doesn’t mean you must accept them. Given the exponential growth of vulnerabilities, DevOps teams must be aware of and learn how to mitigate these risks to ensure healthy systems and applications. This article will focus on five common vulnerabilities in no particular order of severity. We’ll examine some in-depth information on each vulnerability’s root cause and how it can…
