Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

SUNBURST Backdoor: What to look for in your logs now - Interview with an incident responder

Yesterday, FireEye published a report about a global intrusion campaign that utilized a backdoor planted in SolarWinds Orion. Attackers gained access to the download servers of Orion. They managed to infect signed installers downloaded by Orion users who had all reason to believe that the packages are safe and had not been tampered with. With this information out in the world, teams are scrambling to investigate if their environments are affected by this breach.

Secure Your Cloud Transformation with Continuous Intelligence

CrowdStrike and Sumo Logic work together to identify security threats and defend against IOCs in a hybrid environment. Customers gain knowledge on adversaries which may be targeting their assets and organisation via strategic, operational and technical reporting and alerts. During this session, we’ll hear from Australian private health provider, NIB, on how Sumo Logic and CrowdStrike have worked together to help NIB secure its digital transformation and cloud environment.

Tapping Native Controls in Kubernetes to Protect Your Cloud-Native Apps

As companies adopt container technologies, they face a significant challenge - how do we secure this new attack surface? It’s an issue that you often see backlogged in favor of solving storage, networking and monitoring issues. Add on the challenge of educating the workforce on one of the fastest-growing open source projects to date, and it’s no wonder security has lagged as the primary focus for teams.

How to Remediate Unencrypted S3 buckets

Cloud environments are always susceptible to security issues. A significant contributor to this problem is misconfigured resources. Traditional IT Infrastructure was somewhat static; server hardware only changed every few years. With few changes occurring, security was also more static. The modern cloud environment is a much different challenge. In cloud environments, servers, services, and storage are created with automation, resulting in a dynamic and potentially ever-changing server environment.

Enabling Secure Kubernetes Multi-Tenancy with Calico Enterprise

When you have different teams interacting with a Kubernetes cluster you need to think about the security, privacy, and observability challenges associated with multi-tenancy: How to provide each team with access to the specific resources they need, in a way that allows the team to be agile, without risking impacting other teams? In this session, we’ll explore the Kubernetes multi tenancy concepts and design patterns needed for successful enablement of multi-tenancy within your Kubernetes clusters using key capabilities of Calico Enterprise.

Datadog on Serverless

The Datadog Security Platform team leverages Serverless to ingest security events across many different cloud providers, deployment platforms, and devices. These security events are then transformed and shipped to a data lake to help defend and protect the platform as a whole. Once there, these ingested events are used to drive internal investigations, create internal security alerts, and reason about security incidents.

Coordinated disclosure of XML round-trip vulnerabilities in Go's standard library

This blog post is a part of Mattermost’s public disclosure of three serious vulnerabilities in Go’s encoding/xml related to tokenization round-trips. The public disclosure comes as a result of several months of work, including collaborating with the Go security team since August 2020 and with affected downstream project maintainers since earlier this month.

Securing Your Expanding Network Perimeter

Cybersecurity attacks, such as ransomware and phishing scams, have delivered crippling IT blows in the public sector for some time. And here’s the bad news—these attacks have proliferated in the days of COVID-19. A new report from Google found a 350% increase in phishing attacks since the beginning of the year. To better defend against today’s cyberattacks, state and local governments are increasingly exploring the benefits of software-defined networking (SDN).

Using Splunk to Detect Sunburst Backdoor

TL;DR: This blog contains some immediate guidance on using Splunk Core and Splunk Enterprise Security to protect (and detect activity on) your network from the Sunburst Backdoor malware delivered via SolarWinds Orion software. Splunk’s threat research team will release more guidance in the coming week. Also please note that you may see some malicious network activity but it may not mean your network is compromised. As always review carefully.

How a mobile device management solution can help with securing devices in the digital workspace

The past decade has witnessed many organizations adapting to a digital workspace, replacing the traditional physical offices setups with virtual workplaces encompassing all the technologies that employees require to get their work done. Because of the pandemic, even companies that were once against the concept of a distributed workforce have now been forced to embrace remote work. Though a digital workspace offers a more flexible user experience for employees, it comes with its own set of challenges.