Over the time, we have seen passwords being leaked regularly, and the majority of these passwords are common words or words with a simple combination of numbers and special characters, which makes the hashes of such passwords easier to crack.

COVID-19 provided the public and private sectors with a crash course in remote work. Regardless of their approach to remote or distributed work before the pandemic, organizations, including governments and schools, had to stand up a fully remote workforce in a matter of days. Those tasked with making the switch found themselves forced to face and tackle new and unfamiliar obstacles. They also learned what it takes to shift work processes to a hybrid or fully remote environment.

Low-code development platforms open the way for greater independence and efficiency for business users. Unfortunately, they sometimes also open the way for attackers, as a result of poor low-code security practices, especially as low-code application security tries to catch up with traditional application security. Last year, Microsoft’s Detection and Response Team (DART) published the timeline of an attack which leveraged Power Platform, Microsoft's low-code platform.

Who said that cloud services are only exploited by opportunistic cybercriminals? Researchers from Cybereason have recently discovered a new highly targeted campaign, dubbed Operation GhostShell targeting the Aerospace and Telecommunications industries mainly in the Middle East, with additional victims in the U.S., Russia, and Europe.

When the COVID-19 pandemic descended on the U.S., companies took a no-holds-barred approach to maintain their operations. Employees up and down organizational structures were told to work from home, and IT teams were tasked with making that happen. The timeline was short, and approval processes moved quickly, which meant changes to network access and security were made more quickly, and in some cases more haphazardly, than in a “normal” situation.

There’s a great scene in the 1997 film “Contact” where the protagonist Dr. Eleanor Arroway, played by Jodie Foster, is informed that her lab’s funding has just been revoked. Arroway’s lab partner explained that the government lost faith in the project due to concerns of her engaging in questionable activities, such as watching static on TV for hours.

Privileged access management (PAM) solutions have been around in various forms for decades now. Whether you want a password vault, session management, reduced privilege or a combination of privileged management workflows, there’s been no shortage of vendors to choose from. So why does the thought of PAM still make admins shudder? Surely, it should be enjoyable to have a PAM solution humming along, reducing your organization’s risk while you, the admin, focus on your other duties.

Congratulations to the Kubespray team on the release of 2.17! This release brings support for two of the newer features in Calico: support for the eBPF data plane, and also for WireGuard encryption. Let’s dive into configuring Kubespray to enable these new features.

For the next interview in our series speaking to technology and IT leaders around the world, we’ve welcomed experienced CISCO Victor Kritakis, of Epignosis. As the head of the company’s information security policy, he is responsible for penetration testing and vulnerability assessments, staff cybersecurity training, administration of the bug bounty program, as well as maintaining the ISO 27001 certification standards.

In an effort to secure the software supply chain, Black Duck SBOM export capabilities now comply with the NIST standards in Executive Order 14028.