Last month, members of the Elastic Security team hosted a threat hunting capture the flag (CTF) event at BSides SATX. We provided the community with an environment to learn and practice threat hunting with our team, and cultivated new relationships with attendees. By sharing information with security practitioners, we can help prepare them to defend their organization’s data from attack through knowledge transfer.
If your company is a service organization and your customers trust you with their data, you may need to pass a SOC 2 (System and Organization Controls 2) audit. Compliance and certification are the goals of a SOC 2 audit. Because the integrity, confidentiality, and privacy of your customers’ data are on the line, they’ll want you to prove that you have the internal controls in place to protect that data. The SOC 2 compliance audit gives them that assurance.
As the COVID-19 pandemic rages on, many educational institutions have been forced to shift their on-campus classes to online classes. Various EdTech platforms have also launched free classes that have prompted students to try their hands on digital education. With more students turning to online learning than ever, these platforms have emerged as a lucrative target for cybercriminals.
The Cybersecurity Framework (CSF) was developed by the National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce. This framework was created through collaboration between various private-sector and government experts to provide high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.
The way we shop for groceries has changed because of the unusual circumstances the world is in today. Instead of spending as much time physically in the store selecting our own items, we now have the option to order online and arrange for a time to pick them up, or better yet, have them delivered. Of course, there may be a few items you’d prefer to go in and see in person, like fresh produce.
5G is here and changing the way business is done. With this comes an increase of devices to take advantage of low latency and high bandwidth that will allow businesses to truly transform. Because of those devices, the attack surface is also rapidly expanding and will increase opportunities for bad actors. This new wave of endpoints presents both a business opportunity and a business risk. The need for proper endpoint protection is more important today than ever before!
Threat actors are leveraging top tier cloud apps to host phishing baits. Netskope Threat Labs has identified an ongoing O365 phishing campaign hosted in Google App Engine with the credential harvester mostly hosted in Azure App Service. This phishing campaign typically targets O365 users via phishing emails with a direct link or attachment.
Let’s have a look at two popular ways of opening remote shells: the good ol’ ssh and its modern counterpart, kubectl exec. Below, I will only look at the “kubectl exec” subcommand and its friends. kubectl itself is a swiss-army knife for all things Kubernetes. Comparing all of it to ssh is like comparing systemd to BSD init. Also, I will use “SSH” to mean “OpenSSH”, which is the de-facto standard for SSH protocol implementation.
