The year 2020 began with so many promises for team Appknox. We had just ended 2020 on a high note with substantial growth in revenue, customer acquisition and regional expansion. As we looked forward charged up to blaze past 2020, the world was shocked and humbled with the sudden COVID-19 pandemic. Just like all other companies globally, Appknox was faced with tremendous pressure to act, think and evolve quickly.
The year 2020 has been a time of unprecedented change. This year’s events continue to alter the course of cybersecurity, making it even more important to ensure that we better prepare ourselves for what’s to come. In this blog post, we review the key data security trends of 2020 and share several predictions about how they will affect enterprises and cybersecurity leaders in 2021. The global pandemic reinforced the exceptional value of cloud computing to the world economy.
If you are running a user-facing web application, you likely implement some form of authentication flow to allow users to log in securely. You may even use multiple systems and methods for different purposes or separate groups of users. For example, employees might use OAuth-based authentication managed by a company-provided Google account to log in to internal services while customers can use a username and password system or their own Google credentials.
This bulletin provides an overview of four critical vulnerabilities observed during December 2020, some of which are known to have been actively exploited, and it is recommended that organizations apply all necessary security updates and/or mitigation steps to prevent the exploitation of.
CVE-2020-8554 is a vulnerability that particularly affects multi-tenant Kubernetes clusters. If a potential attacker can create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster. An attacker that is able to create a ClusterIP service and set the spec.externalIPs field can intercept traffic to that IP. In addition, an attacker that can patch the status of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
The annual list of top security projects from Gartner provides key insights on where security leaders should focus their limited time and resources to be the most effective at protecting their data, users, and infrastructure. Netskope provides value for each of the top 10 recommended security projects for this year and next, including many critical capabilities. This blog series will highlight each Gartner recommendation and how Netskope specifically can help.
When we set out to create a cloud-based tool for configuration monitoring, we used the tools we knew and wrote UpGuard using JRuby. For our application, JRuby had many good qualities: getting started only required a one line install, the agent only needed to talk out on port 443, and it was platform agnostic. Using JRuby we demonstrated the value of system visibility, attracted our first cohort of customers, and raised the funds to expand UpGuard.
On December 17, CISA released an alert about an advanced persistent threat (APT) that compromised a number of U.S. government agencies, U.S. technology and accounting companies, and at least one hospital and one university. The cyberattack was executed by injecting malware into a software update from network management software company SolarWinds, which has over 18,000 customers.
If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications.
At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.
