The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.
A vulnerability was recently discovered in CFEngine Mission Portal and has now been fixed. Under certain circumstances, it was possible to inject JavaScript code into data presented in Mission Portal, that would be run in the user’s browser. This security issue was fixed in CFEngine 3.10.7, 3.12.3, and 3.15.0, and will be mitigated by upgrading your hub to one of these versions (or later). No other action is required than upgrading the Hub.
Businesses are shifting their operations to a remote work model in the midst of the COVID-19 lockdown. While this enables business to generally continue as normal, there has also been a rise in cyberattacks because of this shift as reported by national cybersecurity agency CERT-In. Security experts have also predicted a 30-40 percent hike in cyberattacks due to increased remote working.
Confession: I am a security practitioner. I am also a mom. What I am not is a homeschool teacher. Earlier this year, I spoke to the 5th- and 6th-grade classes at my son’s Innovation Day about cybersecurity. I discussed what it means to be a cybersecurity practitioner and how the practice of cybersecurity affects everyday life.
Many mature security teams look to the MITRE ATT&CK® matrix to help improve their understanding of attacker tactics, techniques, and procedures (TTPs) and to better understand their own capabilities relative to these common adversarial approaches. With the release of Elastic Security 7.6, Elastic SIEM saw 92 detection rules for threat hunting and security analytics aligned to ATT&CK.
Our world has been turned upside down by COVID-19. Whether it's strategically planning our grocery run decontamination process, or trying to keep the kids quiet for even one single moment while on a conference call — things are different. One very evident difference is the change in the way we meet with each other. And one technology enabling this change is Zoom.
The Health Insurance Portability and Accountability Act, also known as HIPAA, is a compliance standard that was implemented after all health-related information was digitized. The crux of the act is to ensure that all sensitive electronic protected health information (ePHI) has restricted, secure access. Various aspects of your network determine your compliance with HIPAA standards. Let’s discuss some of these important components in detail.
eBPF is a hot topic right now; most of the infrastructure-focused conferences and events have included talks on eBPF over the past year, which is creating a lot of interest in the technology. You might be wondering what eBPF is. eBPF stands for “extended Berkeley Packet Filter” which is a feature in modern Linux kernels that allows you to write mini-programs that are attached to low-level hooks in the Linux kernel, that execute based on certain events (e.g. filtering network traffic).
Work, education, and even many of our leisure activities have all moved on-line at an incredible pace due to current social distancing mandates. The digital backbone of the Internet and the SaaS services that drive our personal and professional lives are now foundational. Ensuring that these systems are operating optimally and securely is of paramount importance.
Just recently, the World Health Organization declared coronavirus a global pandemic. This decision brought with it several health and safety measures, and normal life came to a halt in many countries. This resulted in many organizations around the world adopting telecommuting methods to prevent the spread of COVID-19. While people are adjusting to the sudden changes in the way they work, cybercriminals are using this opportunity to exploit new vulnerabilities the work-from-home environment presents.