AquaSec’s Daniel Sagi recently authored a blog post about DNS spoofing in Kubernetes. TLDR is that if you use default networking in Kubernetes you might be vulnerable to ARP spoofing which can allow pods to spoof (impersonate) the IP addresses of other pods. Since so much traffic is dialed via domain names rather than IPs, spoofing DNS can allow you to redirect lots of traffic inside the cluster for nefarious purposes.

Okta is a cloud-based identity management service that provides authentication and authorization tools for your organizations’ employees and users. You can use Okta to incorporate single sign-on, multi-factor authentication, and user management services right into your applications.

Students in the Monroe-Woodbury Central School District were expecting to head back to school today, but a ransomware attack forced officials to push back the first day of school. The district's superintendent, Elsie Rodriguez, was forced to send out an email to parents Tuesday night, claiming to have experienced a cyber security threat that impacted the district's operations.

A cyber threat (or cyber security threat) is the possibility of a successful cyber attack that aims to gain unauthorized access, damage, disrupt, or steal an information technology asset, computer network, intellectual property or any other form of sensitive data. Cyber threats can come from within an organization by trusted users or from remote locations by unknown parties.

Containers have become a popular technology for enterprises that need to create agile, scalable and reliable applications. As they’re moving containerized workloads into production, many are adopting Kubernetes for container orchestration. While containerization enables DevOps to deploy software fast and efficiently, it also creates new security challenges, especially for those who’ve accelerated their implementation of this complex technology.

This week marks six months since the last of three compliance deadlines for the New York State Department of Financial Services (NYDFS) Cybersecurity Regulations. As of March 1, 2019, many financial services firms operating in New York state are now required to abide by a new set of cybersecurity standards that dictate how they manage, share, and control access to data.

At Bearer, we’ve been crafting a remote-first company since day one. Not only are we remote-first, we are, in fact, a multi-regional, multi-cultural, multi-lingual, remote-first company, something even more unique! Since we’ve been running the company this way for more than a year now, we took this as a good opportunity to reflect on the culture and process we've built, hopefully answering some questions you may have about remote-first companies too.

If you are involved with cyber security, you must have heard log auditing. In this article we discuss the importance and benefits of log auditing and how it can help improving the security posture of your networks. The definition of audit log (also known as audit trail) is quite straightforward. When the system is applied a change, it leads to a parallel one in the behaviour of the system. This change in the behaviour must be recorded in an audit log.

The numbers are shocking. According to the 2019 The State of Work Report, employees spend just 40% of their workday on primary tasks. A Gallup poll showed that disengaged employees cost companies in the United States between $450 and $550 billion per year, and highly engaged teams are 21% more profitable than others. So how can an organization find out what employees are doing when they are on the clock so they can take steps to increase engagement and boost productivity?

The British holiday firm, Truly Travels, has admitted to suffering a data breach due to an unsecured Amazon Web Services server. The data in the unsecured AWS server was left open to the internet for over three years, exposing the personal details of over 200,000 customers.