Cloud

Incident Response Services & Playbooks Guide

Posted on by Admin
Incident Response Services & Playbooks Guide

Cybersecurity Awareness Month 2022 Series No matter the size of a business, it faces the risk of a cyberattack. Over 50% of organizations experienced a cyberattack. And while proactive protection is ideal, there is no silver bullet when it comes to security—meaning you should plan for incident response as well. Yet, 63% of C-level executives in the US do not have an incident response plan, according to a report by Shred-It. That’s where an incident…

Read More

Stronger Cloud Security in Azure Function Using Custom Cloud Container

Posted on by Admin
Stronger Cloud Security in Azure Function Using Custom Cloud Container

Stronger Cloud Security in Azure Function Using Custom Cloud Container Cloud In this entry, we discuss how developers can use custom cloud container image and the distroless approach to minimize security gaps in Azure Functions. By: David Fiser, Alfredo Oliveira September 29, 2022 Read time:  ( words) We have written extensively on the security gaps in Azure Functions and Azure App Services, including their consequences. One way developers can enhance cloud security and minimize these…

Read More

Preventing Cryptocurrency Cyber Extortion

Posted on by Admin
Preventing Cryptocurrency Cyber Extortion

High value and anonymity have made cryptocurrency the de facto currency for cybercriminals—and made preventing cyber extortion top of mind for law enforcement and enterprises. Cybercriminals are looking beyond Bitcoin to stay hidden Researchers have recently shown how address-linking techniques can be used to tie Bitcoin addresses back to unique individuals. That’s called into question the fundamental value proposition of privacy that Bitcoin has staked its name on since its early days. Cybercriminals, already one…

Read More

Cybersecurity Awareness Month 2022: 3 Actionable Tips

Posted on by Admin
Cybersecurity Awareness Month 2022: 3 Actionable Tips

Decrease the Risk Assessment Time Gap Towards Continuous Assessment Semi-annual penetration tests get a box checked and keep you out of compliance jail, but cybersecurity has moved to near-real time and so too must your assessment. Continuous monitoring has been an important goal, but we need to advance it to making continuous decisions based on that continuous monitoring. Even events such as authenticating to use a VPN are too infrequent to make actionable judgements: in…

Read More

Security Risks in Logistics APIs Used by E-Commerce Platforms

Posted on by Admin
Security Risks in Logistics APIs Used by E-Commerce Platforms

Security Risks in Logistics APIs Used by E-Commerce Platforms Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers. By: Ryan Flores, Charles Perine, Lord Alfred Remorin, Roel Reyes September 20, 2022 Read time:  ( words) The connectivity that we’ve experienced of late…

Read More

Pros and Cons of 5G

Posted on by Admin
Pros and Cons of 5G

With the introduction of the 5G Stand Alone (SA) method for operating a 5G base station independently by an independent 5G core network, 5G will finally be able to simultaneously support three different requirements: enhanced mobile broadband (eMBB) (high speed and large capacity), ultra-reliable and low-latency communication (URLLC), and massive machine type communication (mMTC) (ultra-mass terminal). Pros and Cons of 5G According to Deloitte Insights, there were 756 private network deployments in enterprises worldwide as of…

Read More

Security Breaks: TeamTNT’s DockerHub Credentials Leak

Posted on by Admin
Security Breaks: TeamTNT’s DockerHub Credentials Leak

We constantly deploy and study our honeypots to get a view of actively exploited vulnerabilities and misconfigurations on platforms and services that pose cloud security risks. One of these honeypots is based on exposed Docker REST API for analysis from cloud services providers’ and users’ perspectives. Upon analyzing the samples, we realized and were able to understand the threat actors’ use of container registry features for Docker malware and tactics, techniques, and procedures (TTPs). Our…

Read More

Cloud cybersecurity necessitates automation

Posted on by Admin
Cloud cybersecurity necessitates automation

Cloud cybersecurity necessitates automation | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This Website Uses CookiesBy closing this…

Read More

Biden Cybersecurity Executive Order: Ex-US Secret Service Reflects

Posted on by Admin
Biden Cybersecurity Executive Order: Ex-US Secret Service Reflects

In response to the crippling ransomware attack on Colonial Pipeline, President Biden signed Executive Order 14028, “Improving the Nation’s Cybersecurity,” on May 12, 2021. Biden’s Executive Order aimed to protect critical infrastructure from further attacks by modernizing the nation’s cybersecurity. Reflecting on the past 15 months, I look at the effectiveness of the Executive Order, its challenges, and what CISOs from businesses of all sizes and sectors can learn to strengthen their cybersecurity strategies. Overview…

Read More

How Malicious Actors Abuse Native Linux Tools in Their Attacks

Posted on by Admin
How Malicious Actors Abuse Native Linux Tools in Their Attacks

Based on real-world attacks and our honeypots, we observed that malicious actors use a variety of enabled tools that come bundled with Linux distributions, such as curl, wget, chmod, chattr, ssh, base64, chroot, crontab, ps, and pkill, that are abused by attackers for nefarious purposes. We have seen malicious actors abusing these tools in the wild. The presence of these utilities, especially inside container environments, should be at least considered, since they provide additional avenues…

Read More
1 7 8 9 10 11 19