Fixing vulnerabilities can be hard—especially so for cloud-native applications. Let’s take a deeper look at why this is, and how mitigating controls can help secure your cloud-native applications.

On Wednesday, May 18, 2022, VMware published an advisory (VMSA-2022-0014) to address multiple vulnerabilities, including CVE-2022-22972, an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. This vulnerability was assigned a CVSSv3 score of 9.8, making it a critical vulnerability.

A joint security advisory by the national cybersecurity agencies of the United States, Canada, New Zealand, the Netherlands, and the United Kingdom has identified the top 10 initial access vectors routinely exploited by threat actors to break into an organization.

TTP hunting is an intelligence-based type of cyber threat hunting that analyzes the latest TTP (Tactics, Techniques, and Procedures) used by hackers and cybercriminals. TTP threat hunters study the newest tools and technologies used by cybercriminals, learn how to detect new attack trends, and gather enough cyber threat intelligence so that companies can fully protect their attack surface.

Enterprises are shifting rapidly to the cloud in order to increase scalability, improve efficiency and lower their costs. In the process, every company has become a software company — constantly building and updating new software — while the cloud has radically transformed how software is built. Oftentimes, the modern cloud-native application will be made up of several (or hundreds of) microservices, while being hosted on dynamic scaling platforms like Kubernetes.

The Splunk Threat Research Team has addressed a new malicious payload named AcidRain. This payload, deployed in the ongoing conflict zone of Eastern Europe, is designed to wipe modem or router devices (CPEs).

Software-as-a-service or SaaS has taken the business world by storm. With enormous benefits and features, it is no surprise that the SaaS industry has increased by 500% over the past seven years only. However, like any other technology, it carries a significant risk of data breaches. Do you know that encryption worries are the biggest SaaS-related security concerns for businesses?

But if your organisation hasn’t commissioned a pen test before, you might be wondering what’s actually involved. Read on to learn about the key penetration testing steps we follow.

Infrastructure as code (IaC) has become the de-facto method for dealing with infrastructure at scale. This codification of infrastructure configurations lets software development teams create version-controlled, reusable configurations. Moreover, it enables integrating infrastructure management as a part of the delivery pipeline.

Ekran System is glad to announce new capabilities for integrating with Microsoft Power BI that will help you simplify data processing and visualization. Since the majority of our customers use Microsoft Power BI to visualize data, optimizing the Ekran System API for working with this tool was a top priority for us. Now, you can easily and quickly export your monitoring data from Ekran System directly to a report template of your choice in Power BI.