Gone are the days when our greatest inklings of insider threats were employees who never wanted to take vacation and did everything to avoid letting others see the financial records they were maintaining. Today, insider threats come in a concerning variety of forms with consequences often exceeding millions of dollars. As time passes, more industries than ever before are feeling the sting of security incidents and breaches stemming from their very own trusted employees and partners.

Deploying an application on Kubernetes can require a number of related deployment artifacts or spec files: Deployment, Service, PVCs, ConfigMaps, Service Account — to name just a few. Managing all of these resources and relating them to deployed apps can be challenging, especially when it comes to tracking changes and updates to the deployed application (actual state) and its original source (authorized or desired state).

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Being a popular tool, I do find it odd that while faults in Zip files have been known for a long time, WinRAR has only just been identified with similar issues. Well, better late than never I suppose.

Implementing cybersecurity projects shouldn’t only depend on return on investment or viewed as a cost. There’s a better way you could be evaluating it. Businesses should be thinking about how adding cybersecurity can add more business value and enable company growth. The landscape is changing and security is starting to be seen as a competitive advantage more often, and for some industries, it’s a reason customers want to do business with a brand.

Every business today is growing in their own unique way. Their infrastructure is made up of a combination of cloud and on-premises repositories. Their application suite is custom built with a myriad of productivity applications like Slack, Office 365, Zoom, and more. And finally, their users are working on a wide range of devices, from Apple iPhones to Microsoft Surface Pros. The common theme amongst businesses is their need for flexibility.

Compliance with the Health Insurance and Portability Act (HIPAA) initially appears to apply only to the healthcare industry. However, HIPAA also requires healthcare provider business associates to maintain security and privacy controls over protected health information (PHI) and electronic PHI (ePHI). For payer organizations, this requirement means aligning data security protections to HIPAA.

Even with years of related industry experience an individual can become lost in all of the acronyms surrounding security vulnerabilities in modern software. Several of these acronyms exist, and many of them are very similar. Some of the most common are discussed below.

Given you’re here, you’re likely new to this topic, so please be aware in that fileless malware, fileless malware attack, and fileless attack are different words for the same thing. With that clear, let’s jump in!