Since April 2020 we’ve been writing about the latest CVEs to look out for in our risk based vulnerability management blog. Going into August we are highlighting a CVE affecting a popular password vault – KeePass, along with a few interesting ones. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.
Hybrid cloud infrastructures run critical business resources and are subject to some of the strictest network security controls. Irrespective of the industry and resource types, these controls broadly fall into three categories. Workloads (pods) running on Kubernetes are ephemeral in nature, and IP-based controls are no longer effective. The challenge is to enforce the organizational security controls on the workloads and Kubernetes nodes themselves.
I sometimes wish someone with gravitas had said, “There is no content without security.” That would have looked good coming from Churchill or Lincoln. But their lack of foresight about content services doesn’t diminish a very important fact, one that carries its own brand of import: the importance of security and governance for a company’s critical data.
With an estimated 37.9% of all internet traffic attributed to bots, and bad bots accounting for more than 50% of that, retailers and financial organizations are struggling to defend against a constant barrage of account takeovers, credential stuffing, card cracking attacks and fake account creation.
SCADA stands for Supervisory Control and Data Acquisition. It is a control system architecture that comprises computer systems, networked data communications, and Graphical User Interface (GUI) for a high-level process supervisory management. In addition, SCADA also incorporates other peripheral devices such as discrete Proportional Integral Derivative (PID) and Programmable Logic Controllers (PLC) to interface with process machinery or plant.
Amazon Web Services provides its users with the ability to create temporary credentials via the use of AWS Security Token Service (AWS STS). These temporary credentials work pretty much in the same manner like permanent credentials created from AWS IAM Service. There are however two differences.
The takeover of high profile Twitter profiles last month on July 15 made headlines when public figures like former President Barack Obama, Jeff Bezos, and Elon Musk began announcing that they wanted to “give back” to the community. But instead of making a donation to a COVID-related charity or something similar, they were promising that if people would send them Bitcoin, then they would return twice as much as they were given.
Zalo is a chat application on the rise and exceedingly popular in South-East Asia with a user base of over 100 million. In a number of countries, including Vietnam and Myanmar, the application rivals WhatsApp and Facebook Messenger as the most popular chat application. Zalo’s functionality continues to expand with Zalo Pay and Zalo Shop emerging among many new features on the burgeoning super app.
As organizations continue to adopt DevSecOps, a methodology that shifts security measures to the beginning of the software development lifecycle (SDLC), roles and processes are evolving. Developers are expected to take on increased security measures – such as application security (AppSec) scans, flaw remediation, and secure coding – and security professionals are expected to take on more of a security oversight role.
Some new variants of the Agent Tesla infostealer family are capable of stealing data from multiple VPN clients and web browsers. SentinelOne observed that attackers continue to deploy Agent Tesla across various stages of their operations, as this malware enables criminals with even low levels of technical expertise to manipulate and manage their victims’ infected devices.
