Cloud

Security Risks in Logistics APIs Used by E-Commerce Platforms

Posted on by Admin
Security Risks in Logistics APIs Used by E-Commerce Platforms

Security Risks in Logistics APIs Used by E-Commerce Platforms Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers. By: Ryan Flores, Charles Perine, Lord Alfred Remorin, Roel Reyes September 20, 2022 Read time:  ( words) The connectivity that we’ve experienced of late…

Read More

Pros and Cons of 5G

Posted on by Admin
Pros and Cons of 5G

With the introduction of the 5G Stand Alone (SA) method for operating a 5G base station independently by an independent 5G core network, 5G will finally be able to simultaneously support three different requirements: enhanced mobile broadband (eMBB) (high speed and large capacity), ultra-reliable and low-latency communication (URLLC), and massive machine type communication (mMTC) (ultra-mass terminal). Pros and Cons of 5G According to Deloitte Insights, there were 756 private network deployments in enterprises worldwide as of…

Read More

Security Breaks: TeamTNT’s DockerHub Credentials Leak

Posted on by Admin
Security Breaks: TeamTNT’s DockerHub Credentials Leak

We constantly deploy and study our honeypots to get a view of actively exploited vulnerabilities and misconfigurations on platforms and services that pose cloud security risks. One of these honeypots is based on exposed Docker REST API for analysis from cloud services providers’ and users’ perspectives. Upon analyzing the samples, we realized and were able to understand the threat actors’ use of container registry features for Docker malware and tactics, techniques, and procedures (TTPs). Our…

Read More

Cloud cybersecurity necessitates automation

Posted on by Admin
Cloud cybersecurity necessitates automation

Cloud cybersecurity necessitates automation | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This Website Uses CookiesBy closing this…

Read More

Biden Cybersecurity Executive Order: Ex-US Secret Service Reflects

Posted on by Admin
Biden Cybersecurity Executive Order: Ex-US Secret Service Reflects

In response to the crippling ransomware attack on Colonial Pipeline, President Biden signed Executive Order 14028, “Improving the Nation’s Cybersecurity,” on May 12, 2021. Biden’s Executive Order aimed to protect critical infrastructure from further attacks by modernizing the nation’s cybersecurity. Reflecting on the past 15 months, I look at the effectiveness of the Executive Order, its challenges, and what CISOs from businesses of all sizes and sectors can learn to strengthen their cybersecurity strategies. Overview…

Read More

How Malicious Actors Abuse Native Linux Tools in Their Attacks

Posted on by Admin
How Malicious Actors Abuse Native Linux Tools in Their Attacks

Based on real-world attacks and our honeypots, we observed that malicious actors use a variety of enabled tools that come bundled with Linux distributions, such as curl, wget, chmod, chattr, ssh, base64, chroot, crontab, ps, and pkill, that are abused by attackers for nefarious purposes. We have seen malicious actors abusing these tools in the wild. The presence of these utilities, especially inside container environments, should be at least considered, since they provide additional avenues…

Read More

Enhancing Cloud Security by Reducing Container Images Through Distroless Techniques

Posted on by Admin
Enhancing Cloud Security by Reducing Container Images Through Distroless Techniques

Figure 1 shows that there are 96 packages installed in this image. We can also use Grype, also an increasingly popular tool, to analyze the SBOM generated by Syft to scan the original image for vulnerabilities. The extent of the risk of using Debian-based images is plain to see: The more packages there are, the larger the attack surface becomes. This also results in a bigger disk and bandwidth footprint, which has pushed many developers…

Read More

3 Hybrid Cloud Security Challenges & Solutions

Posted on by Admin
3 Hybrid Cloud Security Challenges & Solutions

The accelerated shift to the cloud was mostly borne out of necessity due to the influx of remote workers and changing customer demands requiring more business agility. According to Forrester, 94% of US enterprise infrastructure decision makers are using at least one type of cloud deployment. While there is a push to be cloud-native, the reality is that most companies will keep their “crown jewels” or critical systems on private clouds or on-prem, while leveraging…

Read More

Metaverse Broadband Infrastructure Security

Posted on by Admin
Metaverse Broadband Infrastructure Security

The term “metaverse” was originally coined by author Neal Stephenson for his 1992 cyberpunk novel Snow Crash to describe a virtual reality (VR) world. Nearly 30 years later, Facebook revitalized the term after rebranding themselves as Meta with the intent to focus research and development efforts on building the metaverse. Since the announcement, Meta has introduced Horizon Worlds; other big-name companies are working on new metaverse-friendly apps. While Gartner predicts that by 2026, people will…

Read More

Tackling the Growing and Evolving Digital Attack Surface 2022 Midyear Cybersecurity Report

Posted on by Admin
Tackling the Growing and Evolving Digital Attack Surface 2022 Midyear Cybersecurity Report

According to our Trend Micro Smart Protection Network (SPN) platform, Emotet detections soared in the first six months of 2022 with 148,701 detections compared to the 13,811 detections in the first half of the previous year. Based on our telemetry, Japan was the country with the highest number of detections. Comparison of Emotet detections Year Count 1H 2021 13,811 1H 2022 148,701 Source: Trend Micro Smart Protection Network Top five countries with Emotet detections Country…

Read More
1 7 8 9 10 11 19