Latest News


Apps Used to Book Hotels Targeted by Skimming Attack

Vacationers using mobile apps to reserve their hotel rooms have recently been hit by a targeted skimming attack. Trend Micro found a series of security incidents that took place earlier this morning where the booking sites belonging to two popular hotel chains were hit by credit card skimming malware known as Magecart.


Beyond Patching: Fixing kubectl cp Vulns (CVE-2019-11251)

The Kubernetes project released patches yesterday for kubectl 1.13, 1.14, and 1.15, and also released kubectl 1.16.0 along with the release of Kubernetes 1.16. The previous versions were patched to address ongoing security vulnerabilities with the kubectl cp subcommand that could allow critical files to be overwritten or exfiltrated by accidental or malicious replacements when copying from a running container.


Kubernetes 1.16: Important Features for Operational Excellence

This week marked the release of Kubernetes 1.16, which, like previous releases, delivers a range of exciting new features and enhancements that showcase its rapid velocity and maturity, driven by a community of more than 32,000 individual contributors. At StackRox, we have always viewed one of the greatest advantages of Kubernetes’ design to be its inherent extensibility and scalability, which continues to be evidenced by several updates in this latest version.


Network asset discovery and why you need it for your applications

In today’s business climate, almost all companies are looking for a way to better leverage software and the power of applications. They’re developing new applications at an increasing pace using the latest technologies. Not only that, but they’re also migrating their older applications, primarily using microservices or cloud computing. But with new technologies and programming languages come increases in security risk. You must be aware of your cybersecurity situation.


How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN

Detectify Crowdsource hacker Alyssa Herrera is a full-time bug bounty hacker and web application security researcher who works to protect organizations. She was one of several Crowdsource hackers to submit a working proof of concept for File Disclosure in Pulse Secure Connect (CVE-2019-11510). This guest blog post will walk through how she developed an exploitable payload for this vulnerability.


A Guide on 5 Common LinkedIn Scams

The fact that scammers haunt Facebook and Twitter is not surprising. Even so, digital criminals don’t stop with just those two platforms. They’re also known to stalk users on LinkedIn, where connections carry greater professional gravity. Fortunately, users can stay alert to such activity by familiarizing themselves with the most common types of LinkedIn scams. Here are five ruses, in particular, that should be on their radar.


Setting up SSO on Wire Enterprise

When organizations upgrade from Wire Pro to Wire Enterprise, one of the key integration features is the support for Single Sign On (SSO) through SAML 2.0. The integration with identity management solutions enables organizations to simplify password management and lower the risk of phishing attacks. Moreover, many of the identity platforms augment the set of authentication and authorization features to complement the security of Wire.