A security questionnaire is a set of questions designed to help an organization identify potential cybersecurity weaknesses among its third-party and fourth-party vendors, business partners, and service providers. Organizations use security questionnaires to deliver informed vendor risk assessments. They allow organizations to vet potential vendors and other third parties by ensuring their information security practices and security policies meet both internal and external requirements.

Kubernetes is the popular container orchestration platform developed by Google to manage large-scale containerized applications. Kubernetes manages microservices applications over a distributed cluster of nodes. It is very resilient and supports scaling, rollback, zero downtime, and self-healing containers. The primary aim of Kubernetes is to mask the complexity of overseeing a large fleet of containers.

Are you wondering how to secure your Kubernetes clusters? Do you even know whether your Kubernetes is secure? Kubescape by ARMO might be the tool to help you with those and many other tasks related to Kubernetes security and scanning. Check this video by Viktor Farcic from DevOps Toolkit on Kubescape as he covers the 3 main K8s security areas – While reducing the number of false positives to a minimum and getting help fixing issues.

In the last few days, Linux maintainers disclosed a broadly available Linux kernel vulnerability that enables attackers to escape containers and get full control over the node. To be able to exploit this vulnerability, the attacker needs to be able to run code in the container and the container must have CAP_SYS_ADMIN privileges. Linux kernel and all major distro maintainers have released patches.

Did you know that the household data of 123 million Americans were recently stolen from Alteryx’s Amazon cloud servers in a single cyberattack? But the blame for this cannot fairly be laid at the feet of Jeff Bezos. No – the origin of this theft, and many other cybersecurity crimes began long before this data was uploaded to any cloud server. In another high-level cyberattack, financial data on 47,000 Americans was exposed on an S3 bucket from the US National Credit Federation in 2017.

Did you know that the household data of 123 million Americans were recently stolen from Alteryx’s Amazon cloud servers in a single cyberattack? But the blame for this cannot fairly be laid at the feet of Jeff Bezos. No – the origin of this theft, and many other cybersecurity crimes began long before this data was uploaded to any cloud server. In another high-level cyberattack, financial data on 47,000 Americans was exposed on an S3 bucket from the US National Credit Federation in 2017.

On June 23, 2021, threat actors reported that they had stolen a terabyte of data from Saudi Aramco, a state-owned oil company in Saudi Arabia. The threat actors released samples of data they had procured after redacting critical information. They also claimed to have detailed information on Aramco’s employees, such as their full names, photographs, passport scans, emails, phone numbers, residence permit (Iqama card) numbers, job titles, employee ID numbers, and family information.

Single sign-on, or SSO, is a valuable addition to your enterprise security arsenal. It doesn’t protect against every threat, but it can reduce your attack surface, lower IT costs, and provide a better login experience for your employees.

In what is being described as the most significant update to the scheme since it launched in 2014, the National Cyber Security Centre (NCSC) has announced that the technical controls for Cyber Essentials and Cyber Essentials Plus will be updated as of 24th January 2022. The change is to bring the scheme in-line with the evolving cyber security challenges that organisations now face, particularly around the adoption of cloud services and hybrid working.

The results from the 2021 Global Security Attitude Survey paint a bleak picture of how organizations globally are feeling about the cybersecurity landscape before them. Organizations are grappling with shortages of cybersecurity skills and a lack of capability to detect and contain intrusions in a timely way.