Photo by chuttersnap on Unsplash Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications. It has recently seen rapid adoption across enterprise environments. Many environments rely on managed Kubernetes services such as Google Kubernetes Engine (GKE) and Amazon Elastic Kubernetes Service (EKS) to take advantage of the benefits of both containerization and the cloud.
A recent flaw, CVE-2019-14287, has been found in sudo. In this blogpost, we are going to show you how to use Falco or Sysdig Secure, to detect any exploit attempts against this vulnerability. sudo allows users to run commands with other user privileges. It is typically used to allow unprivileged users to execute commands as root. The issue exists in the way sudo has implemented running commands with an arbitrary user ID in versions earlier than 1.8.28.
Pitney Bowes, the US-based global shipping and eCommerce giant, informed customers on Monday that select services are unavailable due to a piece of ransomware that infected its systems. The company announced on Monday that a piece of ransomware encrypted files on some of its systems, rendering them inaccessible to users.
October is national cybersecurity awareness month, and with the recent hacks at Door Dash, the discovery of a large-scale iOS hacking campaign, and a database containing 419 million phone numbers associated with Facebook accounts, we’re all likely feeling a little dirty. So, I decided to share my perspectives on cyber hygiene.
Microsoft has partnered up with the U.S. National Institute of Standards and Technology (NIST) to create a guide designed to make enterprise patch management simpler. Microsoft originally worked with partners from the Center for Internet Security (CIS), the Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA), as well as customers.
The risk to supply chain assets due to malware is huge and the build, test and production environments are always at risk of suffering a malware attack. What ensues is failure of existing detection methods failure and compromise of software development lifecycle. Environments are often exposed to all imaginable vectors of attack caused by insider contamination due to malicious third-party software components. The production environment is at a high risk too.
We all know that security and safety on the internet is important but may not necessarily know what is happening behind the scenes to allow us to browse around the internet or connect to a remote resource securely. Typically, the everyday user browsing on the internet knows to look for two things when accessing a website...
As a system administrator during the early days of the “cloud revolution” I found the “cloud” metaphor an interesting choice to frame the technology stack. Clouds, in my mind, were “woolly” and hard to pin down as opposed to the omnipresent, always-available things that IT marketers were suggesting cloud services would be.
In the past year, adoption of DevOps has increased by nearly 10 percent. Most business owners realize that in order to bring together the marketing and IT side of their business together during the development of new software or web-based apps, they have to use the DevOps and Agile methodologies.
At the end of 2018, 30 million small businesses were operating in the United States, many of which relied on a variety of technologies to deliver their services. No matter how small in size or how new on the startup scene, these growing companies often face the same cyber risks that large and well-established companies face.
