When AT&T Incident Response Consultants first engage a client during a ransomware incident, the situation is often very chaotic. The client's ability to conduct business has stopped; critical services are not online, and its reputation is being damaged. Usually, this is the first time a client has suffered an outage of such magnitude. Employees may wrongly fear that a previous action is a direct cause of the incident and the resulting consequences.

Whether it’s a security assessment, a vulnerability scan, a red team or a pen test – What’s common? To identify issues and mitigate them from an organizational risk perspective. This article is aimed at weeding out various confusions from the readers mind. Stock up your caffeine, we are going to cover these areas under this topic.

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8566) in Kubernetes that may cause sensitive data leakage. You would be affected by CVE-2020-8566 if you created a Kubernetes cluster using ceph cluster as storage class, with logging level set to four or above in kube-controller-manager. In that case, your ceph user credentials will be leaked in the cloud-controller-manager‘s log.

Kovter is a fileless malware that attempts to remain invisible and targets the Windows operating system. Kovter avoids detection as it relies on the host registry to store its configuration data, thus avoids traditional endpoint protection (anti-virus) file scanning.

By this time in 2020, you’re probably well past the panic of pandemic cybersecurity. The “New Normal” isn’t very new anymore and what was once perceived as short term crisis management of security is looking more like a long term solution. As we look ahead, it’s important to look at what we’ve learned from this situation, as security professionals and how we can apply that to the long road we still have ahead of us.

Today, we released the 11th volume of our annual State of Software Security (SOSS) report. This report, based on our scan results, always offers an abundance of insights and information about software vulnerabilities – what they are, what’s causing them, and how to address them most effectively. This year is no different. With last year’s SOSS Volume 10, we spent some time looking at how much things had changed in the decade spanning Volume 1 to Volume 10.

You don’t have to search very far in the news to see stories of websites being hacked and customer details being stolen. Stories about incidents involving industrial control systems (ICSes) and operational technology (OT) environments aren’t so common. But they are prevalent. Just the other week, for example, an airline company sent out an email letting me know that their database had been hacked and that my travel details might have been taken.

Ever since Snowflake burst onto the scene in 2014, the company and the software has been massively influential in how we all think of storing and accessing data. Snowflake reached new heights in September when they launched their IPO — at 28 million shares and $3.4 billion raised, it’s the largest software IPO in history. The higher financial profile and cash influx means Snowflake can expand its reach even further.

We asked Samy Denno, the Head of our SOC, to give us an insight into managing a busy security operation and tell us what it takes to start out as an analyst.

The Australian Government is committed to protecting the essential services all Australians rely on by uplifting the security and resilience of critical infrastructure. Increasingly interconnected and interdependent critical infrastructure is delivering efficiencies and economic benefits to operations.