Lack of resources & rate limiting is #4 on the OWASP Top 10 API Security Risks 2019. It is a prevalent API security risk. As per OWASP, rate limiting and resource-related flaws in APIs are quite easy to exploit, especially with automated toolkits and for-hire services. But the exploitation of the lack of resources & rate limiting flaws has severe consequences for the organization. So, what exactly is this security risk, and how do you prevent it?

I recently had the pleasure of participating in a great panel discussion at the San Diego Cyber Security Summit, entitled “Cloud Security — Leveraging Its Strengths and Overcoming Its Vulnerabilities,” alongside representatives from Palo Alto Networks, Gigamon, Sysdig, Lacework, Imperva, and Tufin.

The Minneapolis public school district includes approximately 100 primary and secondary public schools. Between the many different schools, approximately 36,000 students are served by about 1,500 teachers. The district is currently suffering from a ransomware attack supposedly and is being extorted for a $1 Million payment by a ransomware gang.

Zoll is a medical device and technologies company that offers its services to EMS, fire professionals, and rescuers. Even the U.S. Military relies on technologies from the company in order to save lives. Zoll recently suffered from a cyber attack that may have exposed over 1 million individuals. The attack happened fast and was coordinated by an unknown group, and we still don't have all the specific details yet.

Looking for Splunk Intelligence Management? We’ve made some updates — learn more here.

Each day, there are multiple news stories about fraud. Some share details about fraud committed against government entities or agencies, some tell us about instances in our educational institutions, and still, others describe the types of fraud against individuals in the form of identity theft. In the post-pandemic United States, fraud has increased in the public sector because our government has made benefits more accessible to those in need.

BlackSnake is a ransomware-as-a-service (RaaS) group that first appeared in a hacking forum in August 2022, where the operators were seeking affiliates and stating that they would take 15% of the profit, which is below the typical average of 20-30%. On February 28, 2023, a new variant of BlackSnake was spotted, and is notable for having a clipper module that targets cryptocurrency users.

According to the Cloud Security Alliance, the average large enterprise has 946 custom applications deployed. Traditionally, organizations deployed Web Application Firewalls (WAF), which provide visibility and enforce security controls on external traffic that passes through them, at the perimeter to protect these applications against external attacks.

You’ve heard about it. A lot. But there are quite a few nuances when it comes to how Zero Trust security is defined and discussed. Is it a platform or a principle? It’s one of those terms that’s so widely cited that it has the tendency these days to elicit eye rolls within the cybersecurity industry and to be referred to as a buzzword by those sitting at the cool kids’ lunch table.

Velero is an open source tool for backing up and restoring resources in a Kubernetes cluster, performing disaster recovery, and migrating resources and persistent volumes to another Kubernetes cluster. Velero backup helps many organizations protect data stored in persistent volumes and makes your entire Kubernetes cluster more resilient. Velero has been pulled over 50M times from DockerHub! It is the most popular data protection choice for the Kubernetes community.