In our last release of the PowerShell security series, we talked about how PowerShell could be leveraged by malicious actors to gain unprecedented access to your organization’s critical assets. From enumerating sensitive domain information and carrying out credential-based attacks to running malicious executables in memory (file-less malware), we shined a light on the potential of PowerShell and why it’s an ideal weapon for cyber attackers today.
Online shopping has become an increasingly popular trend in the past few years as people find it more convenient to buy from the comfort of their homes. You can get pretty much anything and everything from online stores: groceries, clothing, jewelry, electronics and other household items. Yet, we need to consider for a moment if all these online financial transactions taking place are safe – and how can we ensure our protection from online frauds such as identity theft and phishing attacks.
Inherent risk and control risk are two of the three parts of the audit risk model, which auditors use to determine the overall risk of an audit. Inherent risk is the risk of a material misstatement in a company’s financial statements without considering internal controls.
I'm a fan of online surveys. It's a fun, simple, and a great way to check the pulse of our community. We launched our first survey back in 2018, where we looked at the state of securing cloud workloads. We then continued the motion in 2019 with The Kubernetes Adoption and Usage survey and most recently with the Helm survey, still open for feedback. In this blog post I'd like to focus on the 2019 Alcide Kubernetes survey.
The Consensus Assessments Initiative Questionnaire (CAIQ) is a security assessment provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess information security capabilities of cloud providers.
It has been less than 24 hours since the Serverless Community Survey 2020 was launched, and we have the first results! We teamed up with Jeremy Daly to build a unique survey that will help the entire serverless community, this survey was built by the community, for the community. The survey will be up for 4 weeks, so in case you haven't answered it yet - you still got a chance to give back to the community.
The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing. At only eight pages, it is an accessible primer for cloud security and a great place to start before taking on something like the comprehensive NIST 800-53 security controls.
A new vulnerability was recently discovered that could potentially allow attackers to obtain sensitive information from over one billion Wi-Fi-capable devices. Kr00k (CVE-2019-15126) is the latest vulnerability that's been shown to caused devices to use an all-zero encryption key to encrypt part of a user's communications, allowing hackers to decrypt some wireless network packets transmitted by impacted devices.
When thinking about many of the worst data breaches we’ve seen so far (Equifax, CapitalOne, Target, Home Depot, and more), there was one common element: The attacks were not detected while they were active on the internal networks. It’s easy to think of the internal network as what’s onsite and directly in control.