Technology

CVE-2022-3172 - kube-apiserver can allow an aggregated API server to redirect client traffic to any URL

Sep 19, 2022 By Ben Hirschberg In ARMO

A new vulnerability was reported on Sep 16th in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. As a result, the client may perform unexpected actions and share the API server credentials with third parties. The aggregated API server extension in Kubernetes API server enables users to extend API server with alternative objects and paths.

Read Post

ARMO

Read more about CVE-2022-3172 - kube-apiserver can allow an aggregated API server to redirect client traffic to any URL

Directory Sharing in a Web-Based RDP Client Using the File System Access API

Sep 19, 2022 By Isaiah Becker-Mayer In Teleport

Remote Desktop Protocol (RDP) is a protocol developed by Microsoft which at its core is designed to give users a graphical interface to a remote Windows computer over a network connection. The remote Windows machine runs an RDP server, while the local computer accessing it runs an RDP client. Windows comes bundled with Microsoft's Remote Desktop Connection to easily access Windows hosts over RDP.

Read Post

Teleport

Read more about Directory Sharing in a Web-Based RDP Client Using the File System Access API

How to Build Your Cloud Migration Security Strategy

Sep 16, 2022 By Kroll In Kroll

Moving to the cloud is becoming a business necessity. Cloud technologies are flexible and scalable and less expensive to maintain than on-premises solutions, allowing companies to easily adapt as business needs change. The only real barrier to making the move is concerns about cloud migration security.

Read Post

Kroll

Read more about How to Build Your Cloud Migration Security Strategy

Why misconfigurations continue to plague public cloud network services and how to avoid them

Sep 15, 2022 By Oren Amiram, Director of Product In AlgoSec

Cloud security as a strategy is constantly evolving to meet the needs of organizations for scale, agility, and security. If your organization is weighing the merits of the use of public cloud versus private cloud, here are a few facts to keep in mind.

Read Post

AlgoSec

Read more about Why misconfigurations continue to plague public cloud network services and how to avoid them

Improve security and compliance for your AWS infrastructure with Teleport

Sep 15, 2022 By Teleport In Teleport

Easily control who can provision and access your critical AWS resources while improving security and compliance. Watch this webinar as Allen Vailliencourt from Teleport discusses how to.

View Video

Teleport

Read more about Improve security and compliance for your AWS infrastructure with Teleport

Cyber Attack on IHG Disrupts Hotel Booking System | Concerns on Private Data Leakage

Sep 15, 2022 By Shivani Dhiman In Appknox

IHG Hotels & Resorts, the hotel group that owns the Holiday Inn and Intercontinental brands, experienced a cyber attack in the first week of September. The attack has impacted the central hotel’s booking system and mobile apps, causing a service outage for several days. Loyalty program members could not log in or create new bookings during this time.

Read Post

Appknox

Read more about Cyber Attack on IHG Disrupts Hotel Booking System | Concerns on Private Data Leakage

Privacy, SSE Adoption: My Takeaways From the 2022 Gartner SRM in London

Sep 15, 2022 By Matt Walmsley In Lookout

After a two-year hiatus, the Gartner Security and Risk Management, London is back! I had the privilege of attending a number of sessions, spending time talking with analysts and digesting some of the latest cybersecurity trends and strategies, including the Top Cybersecurity Predictions for 2022-2023 from Gartner. Two themes that stood out to me were security service edge (SSE) and extended detection and response (XDR) Below are some of my key takeaways from this year’s conference.

Read Post

Lookout

Read more about Privacy, SSE Adoption: My Takeaways From the 2022 Gartner SRM in London

APIs: Risks and security solutions

Sep 15, 2022 By Stefanie Shank In AT&T Cybersecurity

APIs have become a vital part of doing business. Organizations increasingly rely on the use of APIs for day-to-day workflows, particularly as cloud applications become something of a mainstay. A recent report found that the average number of APIs per company increased by 221% in 2021. Not only are APIs impossible to ignore, but the need to invest in API security cannot be overlooked. The trend in usage is closely followed by opportunists seeking ways to exploit vulnerabilities for their gain.

Read Post

AT&T Cybersecurity

Read more about APIs: Risks and security solutions

Attackers Continue to Abuse Google Sites and Microsoft Azure to Host Cryptocurrency Phishing

Sep 15, 2022 By Gustavo Palazolo In Netskope

On August 9, 2022, we released a blog post about a phishing campaign where attackers were abusing Google Sites and Microsoft Azure Web Apps to steal cryptocurrency wallets and accounts from different targets, namely Coinbase, MetaMask, Kraken, and Gemini. The attackers were abusing SEO techniques to spread the pages and using advanced techniques to steal data, such as using live chats to interact with victims.

Read Post

Netskope

Read more about Attackers Continue to Abuse Google Sites and Microsoft Azure to Host Cryptocurrency Phishing

6 best practices to stay secure in the hybrid cloud

Sep 15, 2022 By AlgoSec

Every year we witness more organizations of all sizes investing more in the cloud. A recent report by the Cloud Security Alliance and AlgoSec shows that over half of organizations are running 41% or more of their workload in the public cloud, and 62% of organizations are running multi-cloud environments. With organizations running workloads in complex hybrid networks - public, private, and on-premises networks - the security landscape is getting even more complex. There are actions you can take, though, to help you dissolve the complexities.

Get EBook