Every once in a while, an industry term will get overused by marketing to the point of becoming a cliche. I think “Zero Trust” may have reached this threshold. In some ways, I understand why this is happening. Security perimeters have become obsolete as people use mobile devices and cloud applications to work from anywhere.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24 . One of the vulnerabilities patched against these tools security services use to access devices has been breached by them once again it seems.
No company is free from risks and vulnerabilities. No matter how robust the digital infrastructure or how strict the cybersecurity measures are, some level of residual risk will always remain. That’s why many organizations include penetration testing in their risk assessment and security program.
Cryptocurrency is a fantastic way for people to invest their money in a technologically progressive and versatile way. However, it is also subject to considerable volatility and, as the IRS’s June announcement of a huge $2.3 million confiscation indicated, insecurity. Cryptocurrency and the regulation that surrounds it is undergoing vast change, with market forces changing on a whim every single month.
For many developers, a good IDE is like a Swiss Army knife. It is a tool that integrates all sorts of features you need as a developer in a single program. Therefore many developers primarily work from their favorite IDE instead of opening multiple single-purpose tools.
The Sysdig Security Research team has identified a Cryptominer attack hitting a Kubernetes pod running WordPress, related to the recent Botnet Sysrv-Hello. The goals of the attack were to control the pod, mine cryptocurrency, and replicate itself from the compromised system. In particular, the attackers targeted a misconfigured WordPress to perform initial access.
Yesterday, the Biden Administration called upon leaders from Amazon, Apple, Google, IBM and Microsoft as well as other private and non-profit organizations to discuss crucial measures for improving the overall cybersecurity posture of the United States. (This follows an Executive Order , which we wrote about in May, outlining a 100-day initiative to improve the security of the modern software supply chain ).
