Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A selection of this week’s more interesting vulnerability disclosures and cyber security news. That is a bit unfortunate…

Imagine you have a perfectly working Kubernetes cluster, and when everything seems on course, you get an “ImagePullBackOff” error. Although this is a popular issue in Kubernetes, understanding and troubleshooting the root cause can be a real headache. Kubernetes is an open-source container orchestration platform originally developed by Google.

CrowdStrike has been named a Leader in The Forrester Wave™: Endpoint Security, Q4 2023, the latest recognition in a string of accolades for our market-leading cybersecurity solutions delivered from the unified, AI-native CrowdStrike Falcon® platform. In the report, Forrester identified the 13 most significant endpoint security providers and researched, analyzed and scored them based on 25 criteria. Our highlights include.

October 18, 2023, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One.

Researchers at Fortra are tracking “Strox,” one of the most popular phishing operations of the past two years. Users of Strox phishing kits can easily create phishing campaigns by simply submitting a logo for the brand they want to impersonate. “Currently, twelve phishing kits are sold on Strox for $90 USD each.

We rarely find ourselves without access to the Internet, thanks to the increased number of public Wi-Fi networks or hotspots wherever we go. From our local coffee shops, libraries, or shopping centers, connecting to the web is easier than ever. But is it more secure? Since 2019, the rise of remote workers and digital nomads means we are more reliant on public Wi-Fi to get our jobs done and to carry out our daily tasks, from online shopping, to emails and video conferences.

In the brisk air of early autumn, optimism fills our hearts as we celebrate the 20th anniversary of Cybersecurity Awareness Month, an annual event dedicated to fostering a deeper understanding of cybersecurity and inspiring behavior change. Two decades ago, the prevailing belief among security professionals was that raising awareness alone could lead to secure online behaviors. But in 2023, we've learned that hope is not a strategy.

A former US Navy IT manager has been sentenced to five years and five months in prison after illegally hacking a database containing personally identifiable information (PII) and selling it on the dark web. 32-year-old Marquis Cooper, of Selma, California, was a chief petty officer in the US Navy's Seventh Fleet when he opened an account in August 2018 with a company that maintains a PII database for millions of people.

Banks and other financial institutions have the one thing every criminal desires. Money. So, it only makes sense that cybercriminals prioritize attacking this industry sector, and it makes even more sense for these institutions to harden their systems to prevent attacks.

With the changing security landscape, the most daunting task for the CISO and CIO is to fight an ongoing battle against hackers and cybercriminals. Bad actors stay ahead of the defenders and are always looking to find new vulnerabilities and loopholes to exploit and enter the business network. Failing to address these threats promptly can have catastrophic consequences for the organization.