The CVE-2021-20291 medium-level vulnerability has been found in containers/storage Go library, leading to Denial of Service (DoS) when vulnerable container engines pull an injected image from a registry. The container engines affected are: Any containerized infrastructure that relies on these vulnerable container engines are affected as well, including Kubernetes and OpenShift.

Though digital transformation is necessary, it's accompanied by some serious risks. This is the scaling conundrum of 2021 - organizations must embrace digitization to remain relevant, however, the greater the digital transformation, the greater the associated digital risks. Thankfully, with the correct digital risk management, organizations can continue to safely embrace digital transformation while mitigating the byproduct of digital risks.

To achieve DevSecOps you need to shift security left. Sounds simple, right? Well, it’s easier said than done. A recent survey conducted by SANS Institute found that 74 percent of organizations are deploying software changes more than once per month – an increase in velocity of nearly 14 percent over the past four years. To release software monthly, weekly, or even daily, security has to be integrated into the development process, not tacked on at the end.

According to Netacea’s latest research ‘The Bot Management Review: the challenge of high awareness and limited understanding’, 95% of financial services surveyed stated that they had experienced a bot attack over the past two years. Since financial services often store highly sensitive and personal information, it is essential that the security measures that they have in place can detect even the most sophisticated of bots.

Many of the third-party components we find in audits have been pulled in their entirety from public software repositories (with GitHub being the most popular these days). But with some frequency we also come across snippets—lines of code that have been copied and pasted into source code. They might be a piece of a GitHub project, but they may also have been taken from a blog site like Stack Overflow or CodeGuru.

The Splunk Attack Range project has officially reached the v1.0 release. By achieving this milestone, we wanted to reflect on how we got here, what features we’ve built for v1.0 and what the future looks like for Splunk Attack Range. What is the Splunk Attack Range? 🧐

AT&T Alien Labs closely monitors the evolution of crimeware such as the QakBot malware family and campaigns in connection with QakBot. The jointly coordinated takedown of the actors behind Emotet in late January has left a gap in the cybercrime landscape, which QakBot seems poised to fill.

To understand how often vulnerability scanning should be performed, it’s important to delve into the drivers behind this objective. Vulnerability management includes the treatment of risks identified during the vulnerability assessments. This is a vital element of the risk management regime for any organisation. Without making informed choices around risk appetite, an organisation may not get the best out of a vulnerability management programme.