Detecting exploits of CVE-2019-5736: runc container breakout
Earlier today, CVE-2019-5736 was announced regarding a runC container breakout. Given the high CVSS rating of 7.2, it is imperative to quickly patch your systems.
Operations | Monitoring | ITSM | DevOps | Cloud
The Place Where Modern Operations & Technology Come Together
The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.
Cyber Security - Predictions 2019
George's predictions on cyber security for 2019.
Featured Post
Modern Monitoring: Unwrapping Security Monitoring
For the final part of our monitoring series, we take a deeper look at the giant industry of security monitoring and how these tools can help you protect your systems from major threats.
Thwart password spray attacks to secure employee access to cloud apps
Chances are you’ve heard of traditional credential-based attacks on Active Directory (AD) and cloud applications—brute force attacks, dictionary attacks, and keylogging, to name a few. There’s now another attack type you should familiarize yourself with: password spray attacks. In this blog, we’ll analyze why you should be wary of them and the best way to tackle them.
Man-in-the-middle attacks on the rise. Monitor your DNS
For our tech-minded readers, we strongly recommend you read the suggested articles in the US-CERT notification for detailed examples of how the hijacking takes place, for the rest of you, we’ve put together a summary of how the multifaceted attacks work.
Enable Kubernetes Pod Security Policy with kube-psp-advisor
Kubernetes Pod Security Policy is a mechanism to enforce best security practices in Kubernetes. In this tutorial, we will explain how to enable Kubernetes Pod Security Policy across your cluster using kube-psp-advisor to address the practical challenges of building an adaptive and fine-grained security policy on Kubernetes in production.
7 Signs of an Attempted Data Breach- and How to Stop It in Its Tracks
Data breaches come in all shapes, sizes, and levels of exposure. They can range from a couple of log files unintentionally left available to the public to the leak of hundreds of thousands of users’ personally identifiable information (PII). Don’t think that just because you have a secure network, a leak can’t happen to you.
Privacy Parts - universal data privacy laws
Katherine (Kiki) Haar and George Gerchow take on early year news about privacy, GDPR, Google's €50 Million fine, data collection and CNIL.
The Need for Security-Specific Applications
When we talk about cloud providers, we often forget that not all data is the same — even in the same application, while we might think of this data as from a “financial application” or a “computation process”, the reality is that each data set has subsets upon subsets, and thus require specific applications to manage them.
Cybersecurity Best Practices: Protect Your Team from Phishing Attacks
Phishing happens. It is probably happening as you read this. Right now, some well-defended company is having data under its care exposed. This data may contain sensitive information, such as login credentials, and in many cases, it is only known that an attack of this type has taken place after the fact. Protecting yourself and your employer against phishing attacks relies foremost on critical thinking; however, there are some business processes and technologies that can help.