Throughout the duration of COVID-19, there have been consistent rumors of increased nation-state espionage. In parallel, many recent ransomware strains have a COVID-19 tie-in. Now the United Kingdom's National Cyber Security Centre (NCSC), published an advisory report that the threat group APT29 is targeting governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain which are involved in COVID-19 vaccines development and testing.

Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) are two protocols that are used to identify a host address on a network when the DNS name resolution, which is the conventional method, fails to do so. When a DNS server is unable to resolve a request from a requester machine, the latter broadcasts a message to its peer computers asking for the location of the required server. Hackers leverage this operation to steal the credentials of the requester machine.

This blog was written by an independent guest blogger Image Source In Part 1 and Part 2 of this series, we covered the first two steps to better cybersecurity in touchless business solutions, which is to practice extra caution in cashless payment solutions, and to heighten cybersecurity and data protection protocols. We conclude this series by discussing the third step to improve cybersecurity for touchless systems, which is to automate wherever possible through innovative technologies.

This blog was written by a third party author Vulnerability scanning is the process of detecting and classifying potential points of exploitation in network devices, computer systems, and applications. This is done by inspecting the same attack areas used by both internal and external threat actors—such as firewalls, applications, and services that are deployed either internally or externally—to gain unauthorized access to an organization’s network and assets.

Because applications and software vulnerabilities are the most common external point of attack, securing applications is a top priority for most organizations. An essential component for reducing this risk is application security testing (AST). In this blog, we focus on interactive application security testing (IAST), the relative newcomer in the AST market.

A new vulnerability, CVE-2020-8557, has been detected in kubelet. It can be exploited by writing into /etc/hosts to cause a denial of service. The source of the issue is that the /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager, so it’s not taken into account when calculating ephemeral storage usage by a pod.

What the heck has happened on Twitter? Twitter accounts, owned by politicians, celebrities, and large organisations suddenly started tweeting messages to their many millions of followers, at the behest of hackers. What did the messages say? Here is a typical one which appeared on the account of rapper, songwriter, and optimistic Presidential candidate Kanye West and was distributed to his almost 30 million followers.

A wide range of privacy regulations govern how organizations collect, store and use personally identifiable information (PII). In general, companies need to ensure data confidentiality, avoid data breaches and leaks, and make sure data is not destroyed or altered in unauthorized ways. The consequences of lost or leaked PII data are significant. Of course, the individuals involved can be harmed from resulting identity theft and associated costs.