Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

How Calico Cloud's runtime defense mitigates Kubernetes MITM vulnerability CVE-2020-8554

Since the release of CVE-2020-8554 on GitHub this past December, the vulnerability has received widespread attention from industry media and the cloud security community. This man-in-the-middle (MITM) vulnerability affects Kubernetes pods and underlying hosts, and all Kubernetes versions—including future releases—are vulnerable. Despite this, there is currently no patch for the issue.

Taming the Data Problem and Accelerating AIOps implementations with Robotic Data Automation (RDA)

RDA enables enterprises to operationalize machine data at scale to drive AI- and analytics-driven decisions. RDA automates repetitive data integration, preparation and transformation activities using bots that are invoked in “no-code” data workflows or pipelines. RDA helps to move data in and out of AIOps systems, thereby simplifying and accelerating AIOps implementations that would otherwise depend on numerous manual data integrations and professional services activities.

Don't be the weak link in your customers' supply chain security

To solve the supply chain security dilemma, producers must get back to security basics. Get best practices for securing your supply chain. Nobody wants to be known as the weak link in the chain—any chain. But too many organizations are at risk of being just that in the digital supply chain because they haven’t made the cyber security of their products a priority. The most recent evidence of that is the SolarWinds/Orion cyber attack that impacted more than 18,000 organizations.

Leveraging Employee Monitoring Software to Achieve Regulatory Compliance

As digital security and data privacy become increasingly caustic issues, regulatory compliance is exceedingly challenging. Not only are various regions implementing unique standards, but industries, municipalities, and platforms are issuing new guidelines as well. While CTOs have many solutions for ensuring system compliance, the human element remains more difficult to oversee, mandate, and manage.

What's the Most Powerful Tool in Your Security Arsenal?

Trying to work out the best security tool is a little like trying to choose a golf club three shots ahead – you don’t know what will help you get to the green until you’re in the rough. Traditionally, when people think about security tools, firewalls, IAM and permissions, encryption, and certificates come to mind. These tools all have one thing in common – they’re static.

Threat Hunting with Threat Intelligence

With more people working from home, the threat landscape continues to change. Things change daily, and cybersecurity staff needs to change with them to protect information. Threat hunting techniques for an evolving landscape need to tie risk together with log data. Within your environment, there are a few things that you can do to prepare for effective threat hunting. Although none of these is a silver bullet, they can get you better prepared to investigate an alert.

5 ways to prevent code injection in JavaScript and Node.js

Writing secure code in a way that prevents code injection might seem like an ordinary task, but there are many pitfalls along the way. For example, the fact that you (a developer) follow best security practices doesn’t mean that others are doing the same. You’re likely using open source packages in your application. How do you know if those were developed securely? What if insecure code like eval() exists there? Let’s dive into it.

Learn About CloudCasa - Kubernetes and Cloud Database Protection as a Service

CloudCasa™, a simple, scalable, cloud-native data protection service that supports all leading Kubernetes distributions and managed services, is now generally available through the SUSE Rancher™ Apps & Marketplace. With increasing adoption of cloud database services, CloudCasa adds cloud database support starting with Amazon RDS to its Kubernetes data protection service – addressing both Kubernetes and RDS support in a single data protection service.

OWASP Top 10: Cross-Site Scripting (XSS) Security Vulnerability Practical Overview

Cross-site scripting (XSS) is #7 in the current OWASP Top Ten Most Critical Web Application Security Risks – and the second most prevalent web application vulnerability. It is thought to exist in two-thirds of all applications.