The investment in security operations is at an all-time high. AustCyber’s ‘Australia’s Cyber Security Sector Competitiveness Plan’ shows spend on security operations makes up more than 40% of all cybersecurity spend ($1.58B in 2018), with cyber spending growth outpacing IT spending growth by nearly two to one.

The CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised node updates. The kube-apiserver affected are: You are only affected by this vulnerability if both of the following conditions are valid: By exploiting the vulnerability, adversaries could bypass the Validating Admission Webhook checks and allow update actions on Kubernetes nodes.

Today, I am excited to share that we secured $188M in a new funding round, at a valuation of $1.19B (read more here). At the outset, I want to thank our employees, partners, investors and most importantly, our customers for this important milestone. The funding follows a year of unmatched innovation that led to accelerated revenue growth, installed base growth, and rapid community adoption of our open source projects.

Cybercriminals are increasingly abusing popular cloud apps to deliver malware to their victims. In 2020, more than half of all the malware downloads detected and blocked by the Netskope Security Cloud platform originated from cloud apps. Cloud apps are commonly abused to deliver Trojans, with attackers attempting to exploit the trust placed in the app used for delivery. Increasingly, cloud apps are also abused for next-stage downloads, with attackers attempting to blend in with benign traffic.

The trove of 1.3 million RDP credentials leaked recently is yet again proof that, In the underground economy, initial access brokerage is a flourishing market. Cybercriminals are outsourcing the initial access stage of the attack, so they can better focus on the execution and act more quickly.

There’s a common misconception that cloud providers handle security, a relic leftover from hosting providers of previous decades. The truth is, cloud providers use a shared responsibility model, leaving a lot of security up to the customer. Stories of AWS compromise are widespread, with attackers often costing organizations many thousands of dollars in damages.

If I were to ask you why you scanned for compliance at your company, I’d bet you’d tell me it was to help you pass requirements easier, to ensure that your audits are good on the first pass and so that you could troubleshoot technical issues with another process. You didn’t know about that last one? Wait, are you telling me you don’t know about the hidden benefits of compliance that you’re getting? Let’s talk.