Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Un-Excuse-ing Upgrades

When we talk about upgrades here at SolarWinds, we spend a lot of time discussing the beneficial features, performance, and capabilities you can gain. That’s not by accident. The honest-to-goodness truth is, the most compelling reason to upgrade ANYTHING—from our phone to our game console to our monitoring software—is because we’ll be able to do something both new and useful to us.

Importance of Data Security For Mobile Healthcare Apps

Telemedicine or mobile healthcare apps are unquestionably important in our daily lives, as the world is increasingly shifting to an all-digital landscape. And when you think of the current pandemic scenario when social distancing and wearing masks are the new normal, nothing seems to be safer than using mobile health apps. But are we really safe while using these apps? Well, that brings us to the concern of being safe on the internet while using mobile healthcare apps.

Incident Response Alert Routing

You have identified a data breach, now what? Your Incident Response Playbook is up to date. You have drilled for this, you know who the key players on your team are and you have their home phone numbers, mobile phone numbers, and email addresses, so you get to work. It is seven o’clock in the evening so you are sure everyone is available and ready to respond, you begin typing “that” email and making phone calls, one at a time.

Announcing Calico Enterprise 3.5: New ways to automate, simplify and accelerate Kubernetes adoption and deployment

We are thrilled to announce the availability of Calico Enterprise 3.5, which delivers deep observability across the entire Kubernetes stack, from application to networking layers (L3–L7). This release also includes data plane support for Windows and eBPF, in addition to the standard Linux data plane. These new capabilities are designed to automate, simplify and accelerate Kubernetes adoption and deployment. Here are highlights from the release…

The essentials of central log collection with WEF and WEC

Last week we covered the essentials of event logging: Ensuring that all your systems are writing logs about the important events or activities occurring on them. This week we will cover the essentials of centrally collecting these Event Logs on a Window Event Collector (WEC) server, which then forwards all logs to Elastic Security.

Mobile Devices are Ubiquitous, and so are Cyberattacks

We all like to enjoy untethered freedom, as is shown by the incredible growth of mobile devices we use every day for business and personal activities. We use mobile devices for buying products and services, and banking and investing. We download apps that allow us to connect with our favorite businesses and socially interact with friends and relatives.

Using Maths to Fight Financial Crime

Financial crime has become a red-hot topic over the last 12 months, as fraudsters have sought to exploit the monitoring gaps between people, process and technology across an ever-widening attack surface – driven by the growth in usage of remote (digital) channels. Even before its recent growth, the cost of fraud and financial crime was significant.

Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass

The CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised node updates. The kube-apiserver affected are: You are only affected by this vulnerability if both of the following conditions are valid: By exploiting the vulnerability, adversaries could bypass the Validating Admission Webhook checks and allow update actions on Kubernetes nodes.