As the attack surface widens and cybercriminals get more sophisticated, organizations are struggling to prepare for and respond to ransomware and other cyber incidents. According to the inaugural State of Data Security report from Rubrik Zero Labs, a staggering 92% of global IT and security leaders are concerned they are unable to maintain business continuity following an attack.

Snyk recently launched a multi-day live hack series with AWS, where experts demonstrated exploits in real-time and explained how to defend against those vulnerabilities. This series helped viewers discover new ways to improve security across the application stack for AWS workloads. As part of the series, Micah Silverman (Director of Developer Relations, Snyk) and Chris Walz (Senior Security Engineer, Atlassian) discussed Log4Shell.

Kubernetes uses secret objects, called Secrets, to store OAuth tokens, secure shell (SSH) keys, passwords, and other secret data. Kubernetes Secrets allow us to keep confidential data separate from our application code by creating it separately from pods. This segregation, along with well-formed role-based access control (RBAC) configuration, reduces the chances of the Secret being exposed — and potentially exploited — when interacting with pods, thereby increasing security.

The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) is one of several “gold level” standards used by public and private organizations as the basis for their cybersecurity protocols. It is also the benchmark utilized by Trustwave to protect our clients. NIST rolled out the CSF in 2014 as a set of guidelines for mitigating organizational cybersecurity risks.

We’re extremely happy to announce that Torq has joined the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. The CSA has more than 80,000 members worldwide and has been endorsed by the American Presidential Administration, which selected the CSA Summit as the venue for announcing the federal government’s cloud computing strategy.

TeamTNT is a notorious cloud-targeting threat actor, who generates the majority of their criminal profits through cryptojacking. Sysdig TRT attributed more than $8,100 worth of cryptocurrency to TeamTNT, which was mined on stolen cloud infrastructure, costing the victims more than $430,000. The full impact of TeamTNT and similar entities is unknowable, but at $1 of profit for every $53 the victim is billed, the damage to cloud users is extensive.

Tines empowers anyone to automate their manual work, regardless of complexity, without writing a single line of code. Many teams starting on their SOAR journey often don't know what processes can be automated and find it challenging to translate their manual work into software-based solutions. In cybersecurity, automating repetitive processes at scale is a relatively new idea with little public research to support it.

According to a survey, due to the impact of the rupee depreciation and lower overall expenditure, financial institutions are attempting to optimise their finances as much as possible, and 83% of banks globally are focused their efforts on cost optimization.

Agent Tesla is a remote access trojan (RAT) written for the.NET framework that has knowingly been in operation since 2014. Threat actors behind this malware have leveraged many different methods to deliver their payload over time including macro enabled Word documents, Microsoft Office vulnerabilities, OLE objects and most recently, compiled HTML help files.

The FTX crypto disaster is a great lesson in risk management. It brings into focus the importance of knowing where your valuables are and how they are being managed.