Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Detect CVE-2020-8557 using Falco

A new vulnerability, CVE-2020-8557, has been detected in kubelet. It can be exploited by writing into /etc/hosts to cause a denial of service. The source of the issue is that the /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager, so it’s not taken into account when calculating ephemeral storage usage by a pod.

Teleport Demo Video - Modern SSH

We recently launched Teleport 4.3 and received an overwhelming response from newer members of the community. They have requested that we go back and explain from the start what Teleport is and why it is better than using the built-in SSH machinery that comes with every Linux or BSD distribution. Teleport is an open source Linux server that allows you to easily implement SSH best practices. We have covered SSH best practices using OpenSSH on our blog before.

The Twitter mega-hack. What you need to know

What the heck has happened on Twitter? Twitter accounts, owned by politicians, celebrities, and large organisations suddenly started tweeting messages to their many millions of followers, at the behest of hackers. What did the messages say? Here is a typical one which appeared on the account of rapper, songwriter, and optimistic Presidential candidate Kanye West and was distributed to his almost 30 million followers.

How to Protect PII

A wide range of privacy regulations govern how organizations collect, store and use personally identifiable information (PII). In general, companies need to ensure data confidentiality, avoid data breaches and leaks, and make sure data is not destroyed or altered in unauthorized ways. The consequences of lost or leaked PII data are significant. Of course, the individuals involved can be harmed from resulting identity theft and associated costs.

Top 5 Risks that Can Compromise Your Life Sciences Data

The goal of every life sciences company is to improve the lives of patients by getting their product to market. To do so often requires successfully completing a clinical trial. It goes without saying, however, that keeping the resulting data secure and compliant is paramount. Restricting access to only those that need it is an essential first step, but there is much more that needs to be done.

Get-inboxrule: Find Risky Inbox Rules in Office 365

Inbox Automation such as forwarding, redirecting, and moving items around can be crucial to many business operations. For example today I was integrating receipt bank, a third party receipt and invoicing system which in turn integrates with our accounting software. Like many respectable third party systems, it supports a robust API for fetching invoices from my suppliers. However it does not do them all and like in many instances, mailbox automation comes in to help.

10 Steps to Prevent Man in the Middle Attacks

Gaining more popularity among hackers, man in the middle attacks aims to exploit the real time transfer of data. Keep reading to learn more! When attacking an organization, hackers are focused on being swift and stealthy. In order to successfully infiltrate, steal sensitive information or hurt an organization in various other ways, hackers must be able to go under the radar for a while.

Web application penetration testing: maximising value through effective scoping

This blog from senior security consultant Jed Kafetz runs through the key information Redscan requires to scope, plan and price a web application penetration test to ensure it delivers the best outcomes and value for money. When reaching out to us for a quotation, providing the most complete and accurate information possible will not only guarantee a quick turnaround time, but will also ensure that we are not under or over scoping the engagement.

Tackling Financial Crime is a Matter of Data: Fresh Thinking on an Age-Old Problem

Financial firms need to take a holistic view on their financial crime defenses to keep pace with the changing crime landscape. Dealing with the onslaught of attacks has historically elicited a Pavlovian response to this age-old problem — increased regulations or tighter risk management protocols, which in turn have proven to be ineffective over the long term.

What are the COSO Control Objectives?

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework goes back to the year 1992. The industry was looking for an internal control framework, and the COSO Internal Control Framework was the answer. There are three COSO compliance disciplines, five internal control components, and 17 principles focused on internal controls.