Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Kubernetes supports several authorization methods, but the best-known and one of the most versatile is RBAC. Role-based access control implements a mechanism for restricting and controlling user access to resources of a system by using roles attached to users.

As mentioned in SecurityScorecard’s (SSC) previous Zhadnost blog posts (part one and part two), the DDoS attacks against Ukrainian and Finnish websites do not appear to have a lasting impact, as the sites were back online within hours of the attack.

Cryptocurrency, the next generation of money. Adored by luminaries from Elon Musk to Snoop Dogg. Now the official currency of El Salvador, and a funding source for Ukrainian resistance to the Russian invasion. But is crypto really all that it seems? Cryptocurrency has tremendous potential to address a host of the world’s financial issues: from limited access to financial resources, to ineffective and costly payment and transfer services.

Sometimes referred to as Sodinokibi, the notorious REvil ransomware-as-a-service (RAAS) enterprise was responsible for a series of high profile attacks against the likes of the world’s biggest meat supplier JBS Foods and IT service firm Kaseya. However, it looked like its activities had come to a halt after law enforcement agencies pushed REvil offline in October 2021, and Russia reportedly arrested 14 of the gang’s members earlier this year.

Vulnerabilities are software bugs or weaknesses that could be used by an attacker. They could be present in the operating system, application code, and third-party code dependencies, such as libraries, frameworks, programming scripts, and so on. By taking a secure DevOps approach and identifying vulnerabilities early in development, you avoid frustrating developers with delays when an application is ready for production.

Let me tell you a story. Not a bedtime story or the sort of happy-ending story you’d read to your kids. This is a darker, much more serious story. It’s a story about cybersecurity. Specifically, it’s a story about attack stories. You may be asking yourself, what is an attack story? Every cyberattack has a story. And that story consists of a sequence of steps adversaries take to learn, access and control the resources and data of the victims they’re pursuing.

A few days ago, security researcher Neil Madden published a blog post, in which he provided details about a newly disclosed vulnerability in Java, CVE-2022-21449 or “Psychic Signatures”. This security vulnerability originates in an improper implementation of the ECDSA signature verification algorithm, introduced in Java 15.