Security teams today need to analyze vast amounts of data from various sources, including endpoints, cloud, applications, and user activity, just to mention a few. At the same time, adversary activity is also on the rise and the threat landscape is becoming more and more complex every day. Further exacerbating the situation, security teams are strapped for resources and unable to analyze the enormous amounts of data and security alerts they receive in real time.

This blog post covers creating, storing, and using secrets in Kubernetes, encryption, RBAC, and auditing. It introduces Kubernetes External Secrets and best practices to enhance security. Let's dive in!

Twitter’s recent decision to turn off SMS two-factor authentication (2FA) for non-Twitter Blue users created a stir. While media and tech pundits questioned the company’s motives, many users complained of losing a universal security measure behind a paywall.

Since the inception of the internet and the World Wide Web (WWW), HTML has been a fundamental part of digital communication, enabling document exchange services between various devices on the network. Developed by Tim Berners-Lee, the father of the WWW, in 1993, the markup language is still used to display documents on web browsers today.

The Splunk Threat Research Team (STRT) continues to analyze and produce content related to the ongoing geopolitical conflict in eastern Europe where new variances of destructive payloads are being released, targeting government and civilian infrastructure. The sole purpose of these destructive payloads is to decimate infrastructure; there is no ransom or alternative presented, and they need to be addressed as soon as they are detected.

As the threat landscape continues to evolve and cybercriminals grow in sophistication, security teams are tasked with bolstering their cybersecurity controls, expertise, and solutions. However, doing all of that in-house has become more difficult due to the ongoing security skills shortage. There’s just not enough talent to go around — and that’s not expected to change anytime soon. The industry is trying to attract new talent.

On Thursday, April 20, 2023, VMware disclosed a critical deserialization vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs—formerly known as vRealize Log Insight—that could result in unauthenticated remote code execution (RCE) as root. The vulnerability was responsibly disclosed to VMware through the Zero Day Initiative and has not been actively exploited in campaigns. Furthermore, we have not identified a public proof of concept (PoC) exploit for CVE-2023-20864.

Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide.

Google Drive continues to be one of the most abused cloud services by threat actors, and the latest edition (April 2023) of the Threat Horizons Report, released by security researchers in Google’s Threat Analysis Group (TAG), shows more interesting examples of how opportunistic and state-sponsored threat actors are exploiting its flagship cloud storage service, to conduct malicious campaigns (and by the way, Netskope Cloud and Threat Report is quoted in the report).

Healthcare organisations across Europe must take precautions to protect their systems to reduce their risk of cyberattacks.