For many developers, a good IDE is like a Swiss Army knife. It is a tool that integrates all sorts of features you need as a developer in a single program. Therefore many developers primarily work from their favorite IDE instead of opening multiple single-purpose tools.

The Sysdig Security Research team has identified a Cryptominer attack hitting a Kubernetes pod running WordPress, related to the recent Botnet Sysrv-Hello. The goals of the attack were to control the pod, mine cryptocurrency, and replicate itself from the compromised system. In particular, the attackers targeted a misconfigured WordPress to perform initial access.

Yesterday, the Biden Administration called upon leaders from Amazon, Apple, Google, IBM and Microsoft as well as other private and non-profit organizations to discuss crucial measures for improving the overall cybersecurity posture of the United States. (This follows an Executive Order , which we wrote about in May, outlining a 100-day initiative to improve the security of the modern software supply chain ).

We have all heard about Key Performance Indicators (KPIs) and how critical they can be for your security program , but confusion remains surrounding what KPIs are important to track and how they can be used to measure and improve the organization’s security program.

Does the SOC really need to be disrupted? In an EY survey, 59% of enterprises admitted experiencing a material or significant breach. Despite the fact that SOC spend dominates an organization’s cybersecurity budget, more than half of these SOCs were actually ineffective in protecting their organizations from attacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have recently published a joint advisory providing details on the top 30 vulnerabilities routinely exploited by malicious cyber actors in 2020 and those widely exploited in 2021 so far.

This summer, I was fortunate enough to get an internship at Teleport. Being part of the co-op program at the University of Waterloo, I have worked at many different companies before, and this internship will be my fourth placement as I finish my first term of the third year. The project that I was assigned to was an interesting one.

UpGuard Summit is UpGuard’s quarterly virtual event where we discuss the future of cybersecurity with security leaders across the globe. During the latest UpGuard Summit, on August 18, 2021, some exciting announcements were made about new and upcoming features. The details are summarized below.

In the past couple of weeks, I’ve had the opportunity to attend two technology events IN PERSON!!! Seeing people “mask-to-mask” has been fun and educational. Forward Networks recently exhibited at Black Hat in Las Vegas and AFCEA TechNet Augusta. Obviously, security was the topic at Black Hat, but it was also top of mind for TechNet attendees, and attendees at both events stressed the need for better network behavioral insight.

Since 2008, the CIS Controls have been through many iterations of refinement and improvement, leading up to what we are presented with today in CIS Controls version 8. CIS Controls reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, and individuals). The controls reflect consideration by people in many different roles such as threat analysts, incident responders, solution providers, policy-makers, and more.