Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the event that there was a malicious actor who wanted to disable a country or state's power supply, the utility sector would be one of the first targets of this attack as seen in the Moore County power outage and the recent attacks on Portland’s infrastructure. Whenever stakes are this critical, it is essential that security is prioritized throughout the systems and processes involved in such matters.

A common topic in our blog is the threat that insiders pose to an organization’s sensitive data. Why? ‘Insider threats’ continue to pose the biggest threats to intellectual property (IP) and military secrets. Insiders, including contractors, need access to sensitive information to do their job, but to what extent? How can we prevent sensitive information from being exfiltrated by malicious insiders?

Kubescape, an end-to-end open-source Kubernetes security platform, embarks on a new journey. Kubescape, created by ARMO, will fully migrate to the CNCF. This coincides with the launch of ARMO Platform, a hosted, managed security solution powered by Kubescape.

Kubernetes adoption has rocketed into ubiquity. At this point, 96 percent of organizations are either using Kubernetes for container orchestration or evaluating its use, according to the latest Cloud Native Computing Foundation annual survey. But this doesn’t mean that Kubernetes isn’t without security risks. The flexibility of container applications and their capability to carry discrete components that interact over the network present security challenges.

In the first blog in this series, we discussed setting up IAM properly. Now we’re moving on to the second step, avoiding direct internet access to AWS resources. When AWS resources like EC2 instances or S3 buckets are directly accessible via the Internet, they are vulnerable to attack. For example, brute force attacks on SSH login, denial of service (DOS) attacks on server resources via Layer 3, 4, or 7 flooding, or the inadvertent disclosure of data on an S3 bucket.

In Africa, there are a plethora of banking prospects. The area is a “sleeping giant” when it comes to having access to conventional bank accounts, online banking, and reasonably priced financial services. Identity Verification APIs are now providing resolutions to the finance sector with their old customer onboarding woes in Africa. The World Bank estimates that 57% of Africans still don’t have a bank account of any type, including a mobile money account.

It would be maddening if someone looked over your private files on your phone. Imagine someone scrolls through your phone gallery without your permission and steals your secret files. How irritating that would be! Moreover, you never know what will happen if your photos get exposed. Someone could spread your private pictures on social media and use them for evil intentions that can lead to serious embarrassment or, in the worst scenario, severe crimes.

I’m thrilled to be partnering with Nethanel Gelernter and taking on the CEO role at Cyberpion. Several months ago, Liran Grinberg introduced me to Cyberpion to explore the possibility of joining the Board and helping the leadership team take the company to its next level of growth.

It’s one of our favorite times of the year – the unveiling of our annual State of Software Security (SoSS) report. Software security issues can have devastating effects on organizations, damaging their financial stability and reputations. That’s why our research this year centered on a crucial question: what can be done to avoid introducing security flaws in the first place?