Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

solarwinds

What Is an Intrusion Detection System (IDS)?

More personal and proprietary data is available online than ever before—and many malicious actors want to get ahold of this valuable information. Using an intrusion detection system (IDS) is essential to the protection of your network and on-premises devices. Intrusion detection systems are designed to identify suspicious and malicious activity through network traffic, and an intrusion detection system (IDS) enables you to discover whether your network is being attacked.

elastic

Detecting unusual network activity with Elastic Security and machine learning

As we’ve shown in a previous blog, search-based detection rules and Elastic’s machine learning-based anomaly detection can be a powerful way to identify rare and unusual activity in cloud API logs. Now, as of Elastic Security 7.13, we’ve introduced a new set of unsupervised machine learning jobs for network data, and accompanying alert rules, several of which look for geographic anomalies.

logz.io

Why Cloud-Native SIEM?

The SIEM is a central point where data is collected and correlated, and as we move to consume more cloud services and data sets the SIEM itself must also change in architecture. Architecture change is hard to make for existing products. Calling a product a ‘cloud solution’ is not the same as taking an on-premises product and hosting it for customers. It means building a new SIEM for a new world. There are a lot of reasons users seek new SIEMs.

sysdig

Kubernetes 1.22 - What's new?

This release brings 56 enhancements, an increase from 50 in Kubernetes 1.21 and 43 in Kubernetes 1.20. Of those 56 enhancements, 13 are graduating to Stable, a whopping 24 are existing features that keep improving, and 16 are completely new. It’s great to see so many new features focusing on security, like the replacement for the Pod Security Policies, a rootless mode, and enabling Seccomp by default. Also, watch out for all the deprecations and removals in this version!

jfrog

JFrog detects malicious PyPI packages stealing credit cards and injecting code

Software package repositories are becoming a popular target for supply chain attacks. Recently, there has been news about malware attacks on popular repositories like npm, PyPI, and RubyGems. Developers are blindly trusting repositories and installing packages from these sources, assuming they are secure.

Annual SolarWinds Study Reveals Opportunities for Business and IT Collaboration in Managing Enterprise Risk Driven by Internal and External Security Threats

SolarWinds IT Trends Report 2021: Building a Secure Future examines how technology professionals perceive the evolving state of risk in today's business environment following internal impact of COVID-19 IT policies and exposure to external breaches. SolarWinds introduces Secure by Design program as a guide for industry-wide approach to help prevent future cyberattacks.
sysdig

What is the MITRE ATT&CK Framework for Cloud? | 10 TTPs You should know of

In any case, by using the MITRE ATT&CK framework to model and implement your cloud IaaS security, you will have a head start on any compliance standard since it guides your cybersecurity and risk teams to follow the best security practices. As it does for all platforms and environments, MITRE came up with an IaaS Matrix to map the specific Tactics, Techniques, and Procedures (TTPs) that advanced threat actors could possibly use in their attacks on Cloud environments.

sysdig

How to mitigate CVE-2021-33909 Sequoia with Falco - Linux filesystem privilege escalation vulnerability

The CVE-2021-33909, named Sequoia, is a new privilege escalation vulnerability that affects Linux’s file system. It was disclosed in July, 2021, and it was introduced in 2014 on many Linux distros; among which we have Ubuntu (20.04, 20.10 and 21.04), Debian 11, Fedora 34 Workstation and some Red Hat products, too. This vulnerability is caused by an out-of-bounds write found in the Linux kernel’s seq_file in the Filesystem layer.

humio

How logging everything helps mitigate ransomware risks

Ransomware attacks, the malicious code that attackers use to encrypt data or lock users out of their devices, have been rampant and are on the rise globally. The largest ransomware payout thus far in 2021 was made by an insurance company at $40 million. A more recent attack occurred in early July and was launched by a group called REvil. The immediate victim was a Florida company, Kaseya, that provides software to companies that manage technology for thousands of smaller firms.