Recently, Facebook announced a new initiative aimed at protecting how its users’ data is managed across its platforms: the Data Protection Assessment. The assessment consists of a questionnaire for apps that access advanced permissions and specifically focuses on how developers protect, share and use platform data.
If you are dealing with vulnerability management, chances are you’ve been wondering if there is a better way to store, manage, and link Security Content Automation Protocol (SCAP) scan data. The answer is yes! With Ignyte’s machine learning capabilities. The new SCAP module, recently released by Ignyte Assurance Platform, reimagines the user-friendly interface to visualize and compare scan data in one place, as well as track changes and progress over time.
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization’s Kubernetes system to help companies make their Kubernetes environment more difficult to compromise. This 52-page cybersecurity technical report offers practical guidance for admins to manage Kubernetes securely, focusing on the common three sources for a compromised Kubernetes environment.
IoT devices are ubiquitous in our daily lives—whether it’s at home with connected home automation devices, or at work with connected factories, hospitals, and even connected cars. According to Gartner, there were over 20 billion IoT devices in 2020. As businesses globally over the past decade have transformed their processes with more embedded IoT-driven intelligence, these billions of connected devices have also become a soft target for cyber criminals.
The Splunk Threat Research Team (STRT) has detected the resurface of a Crypto Botnet using Telegram, a widely used messaging application that can create bots and execute code remotely. The STRT has identified attacking sources from China and Iranian IP addresses specifically targeting AWS IP address space. The malicious actors behind this botnet specifically target Windows server operating systems with Remote Desktop Protocol.
In an age when attackers create over a million phishing sites each month, and phishing serves as a beachhead for 95 percent of all attacks against enterprise networks, how can businesses respond? Part of the answer lies in educating users to recognize and report phishing, of course. But user education only goes so far – particularly because the same statistics cited above show that, on average, only 3 percent of users will report phishing emails.
We’re going to talk about state versus change. For the purposes of our discussion, you need to know that Tripwire Enterprise offers something called TE Commander. Many enterprise applications lack a native command line interface. This can be a challenge if you want to automate and integrate basic operations, which is a necessary function in most enterprise IT environments.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the legacy between the healthcare industry and cyberattacks, the vulnerable points in the healthcare system, and how risks can be mitigated. Did you know that for 10th year in a row, the healthcare industry has seen the highest impact from cyberattacks of any industry?
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. First up this week is quite a terrifying use of an iPhone vulnerability…
