Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

7 Best Encrypted Email Services to Protect Yourself With In 2022

Most successful hacks and data breaches are perpetrated through email. In a perfect world, everyone would find safer methods for communication, but since email isn't going anywhere anytime soon, encrypted email is our best option. Since Internxt doesn't have its own encrypted email yet, we've assembled a list of the best encrypted email services you should use in the meantime.

Best practices for securely configuring Amazon VPC

Amazon Virtual Private Cloud (Amazon VPC) is an AWS service that enables you to launch AWS resources within your own virtual network. Because you can deploy VPCs in separate regions and other VPC components themselves are deployable across different Availability Zones, VPC-hosted environments tend to be highly available and more secure.

Container Image Scanning for Azure Pipelines with Sysdig

Scanning a container image for vulnerabilities or bad practices in your Azure Pipelines using Sysdig Secure is a straightforward process. This article demonstrates a step by step example on how to do it. The following proof of content showcased how to leverage the sysdig-cli-scanner in Azure Pipelines. Although possible, it is not officially supported by Sysdig, so we recommend checking the documentation to adapt these steps to your environment.

Threat news: TeamTNT targeting misconfigured kubelet

TeamTNT is a prevalent threat actor who has been targeting cloud and virtual environments such as Kubernetes and Docker since at least late 2019. This threat actor is financially motivated, focusing their efforts on stealing credentials and cryptomining. In 2020, we analyzed their use of Weave Scope on an unsecured Docker API endpoint exposed to the internet. In December 2021, we attributed an attack to TeamTNT in which they targeted a vulnerable WordPress pod to steal AWS credentials.

Why misconfigurations continue to plague public cloud network services and how to avoid them

Cloud security as a strategy is constantly evolving to meet the needs of organizations for scale, agility, and security. If your organization is weighing the merits of the use of public cloud versus private cloud, here are a few facts to keep in mind.

Attackers Continue to Abuse Google Sites and Microsoft Azure to Host Cryptocurrency Phishing

On August 9, 2022, we released a blog post about a phishing campaign where attackers were abusing Google Sites and Microsoft Azure Web Apps to steal cryptocurrency wallets and accounts from different targets, namely Coinbase, MetaMask, Kraken, and Gemini. The attackers were abusing SEO techniques to spread the pages and using advanced techniques to steal data, such as using live chats to interact with victims.

FedRAMP: The journey to cloud secure operations

For many years, the U.S. government was hesitant about moving data and applications to the public cloud. Concerns around security were prevalent. Today, cloud has become a central proposition of IT spend in government institutions. With the government urging federal agencies to move to the cloud for its agility, scalability, and cost efficiency, those agencies need access to FedRAMP®-authorized vendors.