Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Sysdig Threat Research Team (TRT) recently discovered threat actors leveraging an open source tool called PRoot to expand the scope of their operations to multiple Linux distributions and simplify their necessary efforts. Typically, the scope of an attack is limited by the varying configurations of each Linux distribution. Enter PRoot, an open source tool that provides an attacker with a consistent operational environment across different Linux distributions, such as Ubuntu, Fedora, and Alpine.

SaaS (Software as a Service) companies cannot function without certain consumer data. For starters, you’ll need the customers’ names and email addresses for your marketing and sales operations. And as leads turn into customers, you may also need their payment details. Now, as your company collects more consumer data, it also becomes a target for data breaches. Remember the March 2022 HubSpot security incident?

‍ AEC project teams are using point cloud data to enhance their BIM projects. By importing point cloud data into their CAD software, they can get a more accurate representation of the buildings and landscapes they are working on. This can help with design, construction, and even marketing efforts.

Announced today at AWS re:Invent, Amazon CodeCatalyst brings together everything software development teams need to plan, code, build, test and deploy applications on AWS into a streamlined, integrated experience.

With the continual increase of attacks, vulnerabilities, and misconfigurations, today’s security organizations face an uphill battle in securing their cloud environments. These risks often materialize into unaddressed alerts, incidents, and findings in their security products. However, part of the issue is that many security teams are often stretched too thin and overburdened by alert fatigue.

At AWS re:Invent 2022, CrowdStrike is announcing expanded service integrations with AWS to provide breach protection across your AWS environment, simplified infrastructure management and security consolidation. Visit us at Booth 109, Nov. 28-Dec. 2 in Las Vegas, to learn more about our comprehensive integrations with AWS.

Today, an important measure for success in the tech sector is time to market. The speed at which you can launch your product and any new features can make a huge difference in meeting growing customer expectations, breaking new ground in an existing market, and standing out against your competitors.

On Nov. 22, 2022 Microsoft announced research findings about an ongoing supply chain attack against IoT devices running Boa web servers. The Boa web server, an open-source small-footprint web server suitable for embedded applications, was discontinued in 2005, but many software development kits still use this lightweight server on IoT hardware. Since being discontinued, vulnerabilities were discovered in Boa that make every version out there exploitable.

In the latest example of a cloud service being exploited for cyber espionage, researchers from Trend Micro have shed light on a campaign, conducted between March and October 2022, targeting government, academic, foundations, and research sectors of multiple countries including Myanmar, Australia, the Philippines, Japan, and Taiwan.