A new vulnerability, CVE-2020-8557, has been detected in kubelet. It can be exploited by writing into /etc/hosts to cause a denial of service. The source of the issue is that the /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager, so it’s not taken into account when calculating ephemeral storage usage by a pod.
We recently launched Teleport 4.3 and received an overwhelming response from newer members of the community. They have requested that we go back and explain from the start what Teleport is and why it is better than using the built-in SSH machinery that comes with every Linux or BSD distribution. Teleport is an open source Linux server that allows you to easily implement SSH best practices. We have covered SSH best practices using OpenSSH on our blog before.
What the heck has happened on Twitter? Twitter accounts, owned by politicians, celebrities, and large organisations suddenly started tweeting messages to their many millions of followers, at the behest of hackers. What did the messages say? Here is a typical one which appeared on the account of rapper, songwriter, and optimistic Presidential candidate Kanye West and was distributed to his almost 30 million followers.
A wide range of privacy regulations govern how organizations collect, store and use personally identifiable information (PII). In general, companies need to ensure data confidentiality, avoid data breaches and leaks, and make sure data is not destroyed or altered in unauthorized ways. The consequences of lost or leaked PII data are significant. Of course, the individuals involved can be harmed from resulting identity theft and associated costs.
Gaining more popularity among hackers, man in the middle attacks aims to exploit the real time transfer of data. Keep reading to learn more! When attacking an organization, hackers are focused on being swift and stealthy. In order to successfully infiltrate, steal sensitive information or hurt an organization in various other ways, hackers must be able to go under the radar for a while.
This blog from senior security consultant Jed Kafetz runs through the key information Redscan requires to scope, plan and price a web application penetration test to ensure it delivers the best outcomes and value for money. When reaching out to us for a quotation, providing the most complete and accurate information possible will not only guarantee a quick turnaround time, but will also ensure that we are not under or over scoping the engagement.
Financial firms need to take a holistic view on their financial crime defenses to keep pace with the changing crime landscape. Dealing with the onslaught of attacks has historically elicited a Pavlovian response to this age-old problem — increased regulations or tighter risk management protocols, which in turn have proven to be ineffective over the long term.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework goes back to the year 1992. The industry was looking for an internal control framework, and the COSO Internal Control Framework was the answer. There are three COSO compliance disciplines, five internal control components, and 17 principles focused on internal controls.
