Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we explore how credential stuffing attacks are evolving and why they pose a greater threat than meets the eye. Credential stuffing is perhaps the simplest form of cyberattack, but it continues to make headlines despite its lack of sophistication. It has become the attack method of choice for cybercriminals primarily because of its high success rate and ROI.

Benchmark tests measure a repeatable set of quantifiable results that serve as a point of reference against which products and services can be compared. Since 2018, Alexis Ducastel, a Kubernetes CKA/CKAD and the founder of InfraBuilder, has been running independent benchmark tests of Kubernetes network plugins (CNI) over a 10Gbit/s network. The latest benchmark in this periodic series of tests was published in September, and was based on CNI versions that were up-to-date as of August 2020.

Each year ecommerce sites are named and shamed for failing to prepare their website for Black Friday, sacrificing sales revenue and reputation. We explain changes companies can make in advance to mitigate outages, reduce shopping cart abandonment and improve digital experience in preparation for Black Friday 2020.

In this blog, we introduce the new integration between Sysdig Secure and Red Hat® Advanced Cluster Management for Kubernetes that protects containers, Kubernetes, and cloud infrastructure with out-of-the-box policies based on the Falco open-source runtime security project. Organizations are quickly growing their Kubernetes footprint and need ways to achieve consistent management and security across clusters.

The ever-evolving cloud-native landscape creates constantly changing attack surfaces. As a result, teams implement a whole suite of security tools to identify large varieties of vulnerabilities and attacks, as well as monitor more logs than ever to find malicious activity. But monitoring so much information can cause a barrage of notifications and alerts. Even if you’re identifying real security threats, it can be impossible to know where to start and where to focus.

We are pleased to announce the release of CFEngine 3.17.0, with the theme Flexibility! This is a non-LTS release and allows the CFEngine community to test the features which will be in CFEngine 3.18.0 LTS (Summer 2021).

ITIL has established itself as the gold standard of guidelines for service management over the years. And with so many employees working remotely this year as a result of the COVID-19 pandemic, the best practices and guiding principles of ITIL 4 are arguably more applicable than ever. The sudden shift to remote work for many organizations has forced teams to increasingly rely on technology and find new ways to convey important messages.

Active Directory (AD) is a process service that is used in Microsoft® Windows-based environments. It is responsible for authenticating users when they connect to servers and for authorizing access to different directories, files, and data. AD is also responsible for carrying out security protocols on all connected devices and computers. For example, there is a policy in place where, after three login attempts, a user’s account is locked.

Security teams are in a difficult position: they continue wrestling with persistent problems, such as overwhelming alert volumes and staff shortages, while confronting new ones driven by the abrupt shift to remote work. For instance, attaining real-time, deep visibility into cloud environments may have been on SOC roadmaps before 2020, but the capability is now a pressing need.