The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.


How to secure a Kubernetes cluster

More and more organizations are adopting Kubernetes, but they’re encountering security challenges along the way. In the fall 2020 edition of its “State of Container and Kubernetes Security” report, for instance, StackRox found that nearly 91% of surveyed organizations had adopted Kubernetes, with a majority (75%) of participants revealing that they had deployed the container orchestration platform into their production environments.


7 Third-Party Security Risk Management Best Practices

Cooperation is the key to success. Working with third parties helps businesses increase their productivity and efficiency, produce better products and services, employ highly qualified experts, and cut costs. But all these benefits come at the price of increased cybersecurity risks. Minor flaws in your third-party vendor’s security and privacy routines may turn into cybersecurity weaknesses for your company.


Life of PII for Apache Kafka

Several years ago when I was working on a big data project, I saw something a data engineer shouldn’t see. Curious to understand the level of detail in a new credit score dataset we’d received in our data lake, I queried it. I was surprised at how easily and suddenly my screen was flooded with the mortgage history, overdraft limits and year-end financial statements of my colleagues, and I felt deeply uneasy.


IcedID Stealer Man-in-the-browser Banking Trojan

IcedID stealer (also known as BokBot) was first discovered at the end of 2017 and is believed to be a resurgence of the NeverQuest banking Trojan. It is a modular banking trojan that uses man-in-the-browser (MitB) attacks to steal banking credentials, payment card information and other financial data. The stealer possesses relatively sophisticated functionality and capabilities such as web injects, a large remote access trojan (RAT) arsenal and a VNC module for remote control.


ACTION REQUIRED: Secure Your Testing Experience - Best Practices for Updating Sauce Connect

Sauce Labs provides a number of features that help secure your testing experience and ensure that your data and applications are safe while using our cloud platform. One of the most popular features is Sauce Connect Proxy—a built-in HTTP proxy server that opens a secure "tunnel" connection for testing between a Sauce Labs virtual machine or real device and a website or mobile app hosted on your local computer ("localhost") or behind a corporate firewall.

Reviewing Findings in Veracode for VS Code

In this video, you will learn how to: Veracode IDE Scans find potential security issues in your code in seconds so that you can fix the findings directly in your IDE. Veracode for VS Code is an extension to Visual Studio Code, which performs an IDE Scan at the file level. It supports JavaScript, TypeScript, and C#. You can scan either a single file or all files in a selected Visual Studio folder.

Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

This is the first part of a two-part advanced technical tutorial that describes how you can use the Defensics SDK to set up your own Bitcoin network. This is the first of two articles that describe how to use the Defensics® software development kit (SDK) to fuzz Bitcoin software. Specifically, you’ll learn how to model one of the Bitcoin network protocol messages and use the Defensics SDK to perform fuzzing on the bitcoind process.


Resilient Delivery Demands Autonomous Security

Business demands fuel technology shifts. The growing shift towards digital business models, accelerated by the pandemic, has revealed the need for increased business and technology alignment across every industry. Customers expect to be able to interact with companies anywhere, anytime, and demand highly responsive, customizable experiences. Gartner refers to organizations with the ability to meet these demands as intelligent, composable businesses.