A few days ago, on February 23, the US Senate Intelligence Committee held a hearing with executives from SolarWinds, FireEye, CrowdStrike and Microsoft about the SolarWinds hack. It’s worth listening in full, but we want to focus on one particular aspect described by the participants – the malware shutting down endpoint monitoring agents.

Java configuration is everywhere. With all the application frameworks that the Java ecosystem has, proper configuration is something that is overlooked easily. However, thinking about Java configuration can also end up in a security issue if it is done in the wrong way. We call this misconfiguration. Security misconfiguration is part of the infamous OWASP top 10 vulnerability list and has a prominent spot on place 6.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Got a Mac? Lots of Macs? OK, then have this nice warm feeling that someone cares enough to give you a nice surprise sometime down the line. What to place bets on how nice that present will be?

All sources agree that cyber crime is increasing year on year, putting businesses small and large at increasing risk. Attacks jumped by 31% during the height of the 2020 pandemic alone, and is predicted to cost the global economy over $10 trillion by 2025. In order to stay ahead of the hackers, savvy enterprises are stepping up their security scanning regimes by using vulnerability scanning and penetration tests to uncover security flaws.

There is no doubt how regular penetration tests are an essential part of the vulnerability management process to reduce risks. It is important to ensure penetration tests are efficient and to do so, the use of correct penetration testing methodologies is an essential component. A methodology in this context defines the logic using which various test cases are carried out to assess an asset’s security. Let’s start with the basics first and then move on to the topic.

Considering the continuous increase in cybersecurity attacks targeting large organizations over the past few years and regulations like PCI DSS, HIPAA, NIST 800-731 – to name a few – it’s no surprise that enterprise investment in vulnerability management is on the rise. Detecting, prioritizing, and remediating security vulnerabilities in today’s rapidly evolving threat landscape is no small feat.

Devops teams are flocking to GitOps strategies to accelerate development time frames and eliminate cloud misconfigurations. They should adopt a similar ‘as-code’ approach to policy. One risk in deploying fleets of powerful and flexible clusters on constantly changing infrastructure like Kubernetes is that mistakes happen. Even minute manual errors that slip past review can have substantial impacts on the health and security of your clusters.

Internet dating is a great thing. No longer are you reliant on bumping into that future special someone in a bar, at the workplace, or in the local coffee shop. As humans, our world has never been so connected, our reach so vast and now even finding love the same is true. Firstly, let’s just start by accepting internet dating is a thing and has been a thing before the world went into various states of lockdown, it has been around pretty much since the widespread use of the internet itself.

All organizations want to take advantage of the cost savings, operational efficiency, and improved capabilities that a shift to the cloud provides. But having the right protections in place is key to make sure not only your users are protected, but that your sensitive data is also protected. Especially as workforces become increasingly remote, improved functionality and cloud security are both must-haves for any organization.

“Destroying things is much easier than making them.” This quote from The Hunger Games rings true in software; developers spend months perfecting their innovative applications only to see it all crumble at the nimble fingers of a speedy cyberattacker. So how do you beat them? Improve your secure coding know-how early on and keep it sharp. More than half of organizations in North America provide developers with some level of security training annually, or less often.