The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.
Security teams have the tough job of monitoring and securing every single workload in each cloud and for workloads in the development pipeline. Inevitably, these processes wind up being a bottleneck from the developer’s perspective, and developers get frustrated. Understandably, developers feel like security is simply making their jobs harder. But, on the other hand, security teams feel like they’re powerless to provide full coverage.
The ability for security teams to integrate threat data into their operations substantially helps their organization identify potentially malicious endpoint and network events using indicators identified by other threat research teams. In this blog, we’ll cover how to ingest threat data with the Threat Intel Filebeat module. In future blog posts, we'll cover enriching threat data with the Threat ECS fieldset and operationalizing threat data with Elastic Security.
Security scanning provides an opportunity to target, track, and trace vulnerabilities introduced to your packages as soon as Cloudsmith has received a complete package upload. However what happens when you want to intercept the results of a scan immediately. An early warning can make a difference when distributing vulnerable packages to hundreds, thousands, or even millions of developers, devices, or systems globally.
Microsoft has discovered a new large-scale attack targeting Kubeflow instances to deploy malicious TensorFlow pods, using them to mine Monero cryptocurrency in Kubernetes cluster environments. Kubeflow is a popular open-source framework often used for running machine learning tasks in Kubernetes. TensorFlow, on the other hand, is an open-source machine learning platform used for implementing machine learning in a Kubernetes environment.