Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A significantly evolved version of the Shai-Hulud malware now tracked as Sha1-Hulud has been discovered with over 800 packages affected, now featuring persistent backdoor capabilities through compromised GitHub Actions runners and enhanced multi-cloud credential harvesting.

Nearly 94% of ransomware attacks initially targeted backups. Mainly to encrypt them. That means, for SaaS and DevOps platforms, backup alone no longer solves the problem of data protection. A copy of backup data is worthless if it can be altered (corrupted) or blocked when you need it most. Besides, integrity has to be provable and data recovery certain. That’s why immutable storage is a baseline requirement for resilience in modern IT architectures.

Clickhouse is an incredible database. Here at Certkit, we’ve long worked in the world of “No SQL” databases like Elasticsearch precisely for their ability to query large amounts of data. But for every database, there’s an amount of data that’s “Too big”. Too big to query quickly or too big to store affordably. Clickhouse manages to thread the needle by efficiently storing truly ridiculous amounts of data while still providing impressive query performance.

In the last post we discussed why we’re building our own Certificate Transparency (CT) search tool. There’s good background on the CT ecosystem in that post, so check it out if you haven’t. This post assumes a certain understanding of terminology covered previously. Now that we know where the CT logs live, and the different kinds of logs, we need to start reading them.

Continuous Threat Exposure Management (CTEM) is a proactive cybersecurity framework that continuously reduces your attack surface in response to emerging threats.