We often hear from our customers that to adopt a container and Kubernetes security tool in any mid sized or large organization, separation of duties and least privilege access via RBAC is a must. Admin roles cannot be granted unnecessarily to all teams. If users or groups are routinely granted these elevated privileges, account compromises or mistakes can result in security and compliance violations.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24 I do love it when an artist decides to do some random thing which just shows up the tech nightmares we try to ignore. For example, last year we had the laptop with all the viruses on. Remember that? Well, here is a fun one which I’m sure will be replicated just to annoy people.

Over the past couple of years, cyber-attacks have been increasing both in frequency and sophistication. 2019 also witnessed a surge in cyber-attacks and many companies were suffering a huge financial and reputational loss. According to CISCO, DNS hijacking and targeted malware were the serious cyber threats of 2019, along with various others. Cyber pests were using various tools to capture data and evade detection, from Remote Access Trojans (RATs) to hide threats in encrypted traffic.

The threats from data theft and fraud will continue to be a significant concern for all corporate entities in 2020. eCommerce sales, for example, are expected to reach almost one trillion dollars in the next three years, creating a growing opportunity for attackers to capitalize on fraud. A Juniper Research Report regarding online payment fraud trends estimated that digital card, not present fraud (CNP), one of several fraud categories, will reach $130 billion by 2023.

In so many ways, speed is a security analyst’s best friend. From threat detection to containment to response – the faster you are, the more secure your business will be. It’s exactly why metrics like dwell time, MTTD (mean time to detect) and MTTR (mean time to respond) exist. It’s a barometer for the strength of your organization’s security, and a gauge of success for any good security team.

Image Source: Photo by freestocks.org on Unsplash When you think of cybersecurity, what’s the first thing to come to mind? Most of the time, it might be your business’s IT team, who run around worrying about updates, threats, and computing capacity. The reality is that cybersecurity isn’t just the IT department’s concern — it’s everyone’s.

Detectify user story: Smartbear offers automated software testing solutions that help development and testing teams ensure quality throughout the software development lifecycle. Martin Loewinger, Director of SaaS Operators at Smartbear, and his team use Detectify to ensure security is a part of each product CI/CD pipeline, so that they can help their end users with test automation and monitoring.

Malware closed out 2019 on a strong note. According to AV-TEST, malware authors’ efforts throughout the year helped push the total number of known malware above one billion samples. This development wouldn’t have been possible without the vigor exhibited by malware authors in the fall of 2019. Indeed, after detecting 8.5 million new samples in June and 9.56 million specimens the following month, AV-TEST saw the monthly totals jump up above 13 million in August.

It may not be the most efficient way to steal data from an organisation, let alone the most practical, but researchers at Ben-Gurion University in Israel have once again detailed an imaginative way to exfiltrate information from an air-gapped computer. And this time they haven’t done it by listening to a PC’s fan, or watching the blinking LED lights on a hard drive or even picking up FM radio waves.

In an early January post by Mohamed Dabo of Cards International, the CEO of INETCO and the Director of Barclaycard Payment Solutions shared their views on key payment fraud and security issues that will dominate the payments landscape in 2020. Both alluded to the delicate balance between delivering an amazing customer experience, meeting compliance such as the Strong Customer Authentication (SCA) legislation, and trying to keep one step ahead of the fraudsters.