Cloud

Preventing Cryptocurrency Cyber Extortion

Posted on by Admin
Preventing Cryptocurrency Cyber Extortion

High value and anonymity have made cryptocurrency the de facto currency for cybercriminals—and made preventing cyber extortion top of mind for law enforcement and enterprises. Cybercriminals are looking beyond Bitcoin to stay hidden Researchers have recently shown how address-linking techniques can be used to tie Bitcoin addresses back to unique individuals. That’s called into question the fundamental value proposition of privacy that Bitcoin has staked its name on since its early days. Cybercriminals, already one…

Read More

Cybersecurity Awareness Month 2022: 3 Actionable Tips

Posted on by Admin
Cybersecurity Awareness Month 2022: 3 Actionable Tips

Decrease the Risk Assessment Time Gap Towards Continuous Assessment Semi-annual penetration tests get a box checked and keep you out of compliance jail, but cybersecurity has moved to near-real time and so too must your assessment. Continuous monitoring has been an important goal, but we need to advance it to making continuous decisions based on that continuous monitoring. Even events such as authenticating to use a VPN are too infrequent to make actionable judgements: in…

Read More

Security Risks in Logistics APIs Used by E-Commerce Platforms

Posted on by Admin
Security Risks in Logistics APIs Used by E-Commerce Platforms

Security Risks in Logistics APIs Used by E-Commerce Platforms Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers. By: Ryan Flores, Charles Perine, Lord Alfred Remorin, Roel Reyes September 20, 2022 Read time:  ( words) The connectivity that we’ve experienced of late…

Read More

Pros and Cons of 5G

Posted on by Admin
Pros and Cons of 5G

With the introduction of the 5G Stand Alone (SA) method for operating a 5G base station independently by an independent 5G core network, 5G will finally be able to simultaneously support three different requirements: enhanced mobile broadband (eMBB) (high speed and large capacity), ultra-reliable and low-latency communication (URLLC), and massive machine type communication (mMTC) (ultra-mass terminal). Pros and Cons of 5G According to Deloitte Insights, there were 756 private network deployments in enterprises worldwide as of…

Read More

Security Breaks: TeamTNT’s DockerHub Credentials Leak

Posted on by Admin
Security Breaks: TeamTNT’s DockerHub Credentials Leak

We constantly deploy and study our honeypots to get a view of actively exploited vulnerabilities and misconfigurations on platforms and services that pose cloud security risks. One of these honeypots is based on exposed Docker REST API for analysis from cloud services providers’ and users’ perspectives. Upon analyzing the samples, we realized and were able to understand the threat actors’ use of container registry features for Docker malware and tactics, techniques, and procedures (TTPs). Our…

Read More

Cloud cybersecurity necessitates automation

Posted on by Admin
Cloud cybersecurity necessitates automation

Cloud cybersecurity necessitates automation | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This Website Uses CookiesBy closing this…

Read More

Biden Cybersecurity Executive Order: Ex-US Secret Service Reflects

Posted on by Admin
Biden Cybersecurity Executive Order: Ex-US Secret Service Reflects

In response to the crippling ransomware attack on Colonial Pipeline, President Biden signed Executive Order 14028, “Improving the Nation’s Cybersecurity,” on May 12, 2021. Biden’s Executive Order aimed to protect critical infrastructure from further attacks by modernizing the nation’s cybersecurity. Reflecting on the past 15 months, I look at the effectiveness of the Executive Order, its challenges, and what CISOs from businesses of all sizes and sectors can learn to strengthen their cybersecurity strategies. Overview…

Read More

How Malicious Actors Abuse Native Linux Tools in Their Attacks

Posted on by Admin
How Malicious Actors Abuse Native Linux Tools in Their Attacks

Based on real-world attacks and our honeypots, we observed that malicious actors use a variety of enabled tools that come bundled with Linux distributions, such as curl, wget, chmod, chattr, ssh, base64, chroot, crontab, ps, and pkill, that are abused by attackers for nefarious purposes. We have seen malicious actors abusing these tools in the wild. The presence of these utilities, especially inside container environments, should be at least considered, since they provide additional avenues…

Read More

Enhancing Cloud Security by Reducing Container Images Through Distroless Techniques

Posted on by Admin
Enhancing Cloud Security by Reducing Container Images Through Distroless Techniques

Figure 1 shows that there are 96 packages installed in this image. We can also use Grype, also an increasingly popular tool, to analyze the SBOM generated by Syft to scan the original image for vulnerabilities. The extent of the risk of using Debian-based images is plain to see: The more packages there are, the larger the attack surface becomes. This also results in a bigger disk and bandwidth footprint, which has pushed many developers…

Read More

3 Hybrid Cloud Security Challenges & Solutions

Posted on by Admin
3 Hybrid Cloud Security Challenges & Solutions

The accelerated shift to the cloud was mostly borne out of necessity due to the influx of remote workers and changing customer demands requiring more business agility. According to Forrester, 94% of US enterprise infrastructure decision makers are using at least one type of cloud deployment. While there is a push to be cloud-native, the reality is that most companies will keep their “crown jewels” or critical systems on private clouds or on-prem, while leveraging…

Read More
1 7 8 9 10 11 19