A first of its kind survey looks at the relationship between open-source and K8s security. Today DevOps and security teams who deploy Kubernetes are forced to make a difficult choice between two security realities. They can either commit to a proprietary solution that they can’t adapt, access its code, influence the roadmap or contribute to its future. Or they can use open-source tools. But then they’ll end up attempting to integrate several of these tools together.

CRED, a fintech company and BSIMM member since early 2022, underwent a BSIMM assessment to benchmark their security processes. CRED, launched in 2018, provides financial services and lifestyle features, and has been a member of the BSIMM community since early 2022. CRED provides a wide variety of product offerings from lifestyle to personal finance.

One of our core features at LimaCharlie is building an extensible platform that security teams can use to build a robust detection and response platform. One way we accomplish this is native integration with multiple types of detection engines and languages.

Some economic sectors may be hitting the brakes, but the cybersecurity talent shortage persists across all industries and shows no signs of abating – not while sophisticated cyberattacks continue to rise in number and complexity. The 2022 (ISC)2 Cybersecurity Workforce Study found that even as the global cybersecurity workforce is at an all-time high, it is still short by 3.4 million workers.

Cybercrime is lucrative. This world of hackers, malware, and brokers is now a trillion-dollar industry, the number one threat to the global economy, and is showing zero signs of slowing down. Fueled by the digital revolution, the global shift to a hybrid work model, and the rapid adoption of the cloud, more avenues have opened for threat actors to exploit. And their attack methods continue to evolve, with new innovations staying a step ahead of a cybersecurity industry determined to stop them.

Modern containerized applications are increasingly born in the cloud and the big three managed Kubernetes services – Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS), and Google Kubernetes Engine (GKE) – rule the skies. With more users picking managed services in public cloud as their preferred platform, self-managing a backup infrastructure in the cloud is an antithesis.

I originally planned to write this story as a follow-up to another blog that SURGe released for CVE-2022-3602 and CVE-2022-3786 (aka SpookySSL). That blog mentions that we weren’t able to test with any malicious payloads yet, and as things go… After releasing that blog, we came across proof-of-concept exploits that weren’t detected by our searches.

Simplify your procurement process and subscribe to Splunk Cloud via the AWS marketplace Unlock the secrets of machine data with our new guide All companies want to protect their reputation as any mishandling of it, either self-inflicted or via outside forces, can have a devastating impact. Mitigating reputational issues involves mitigating the risk that leads to them.

Nobody likes getting audited or inspected. Well, almost nobody; there’s always one person who consistently blows the curve. They gleefully anticipate inspections because they know they’re going to get a glowing review. We all have names for that person, most of which shouldn’t be included in a business blog. But what if, (bear with me) we could be that person?

Technology has expanded the avenues bad actors use to steal identities and sensitive data. However, digital tools are also giving users innovative countermeasures to protect themselves. Here are seven tactics anyone can use to help prevent identity theft.