Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can derive from implementing external attack surface management (EASM) solutions, the essential capabilities an EASM solution should possess, and how it deals with uncovering hidden systems. What are the core capabilities a robust EASM solution should have? Given that […]
Continue ReadingCloud Native Application Protection Platforms (CNAPPs) have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively securing multi-cloud environments, according to Cloud Security Alliance. Secure cloud computing environment Much of CNAPPs popularity has been driven by their ability to consolidate the capabilities of the numerous security tools […]
Continue ReadingAs cloud infrastructures become increasingly API-driven and dynamically spread across expansive attack surfaces, achieving clarity proves difficult. Compounding this challenge is the integration of DevOps practices, microservices, and container technologies, which, while fostering agility and scalability, introduce additional layers of complexity and potential security blind spots. In this Help Net Security interview, Kennedy Torkura, CTO […]
Continue ReadingIn this Help Net Security video, Assaf Morag, Lead Threat Intelligence Analyst at Aqua Security, discusses research that discovered openly accessible and unprotected Kubernetes clusters belonging to more than 350 organizations, open-source projects, and individuals. At least 60% of these clusters were breached and had an active campaign with deployed malware and backdoors. The exposures […]
Continue ReadingBy Habiba Rashid Aquasec Investigation Exposes Alarming Rise in Kubernetes Misconfigurations Leading to Catastrophic Breaches. This is a post from HackRead.com Read the original post: Cryptomining and Malware Flourish on Misconfigured Kubernetes Clusters
Continue ReadingAn insecure default configuration issue (CVE-2023-27524) makes most internet-facing Apache Superset servers vulnerable to attackers, Horizon3.ai researchers have discovered. Administrators in charge of Apache Superset instances should check whether they are among that lot, upgrade them to a fixed version, and check whether attackers might have exploited the weakness to breach them. Apache Superset and […]
Continue ReadingMicrosoft addressed a misconfiguration flaw in the Azure Active Directory (AAD) identity and access management service. Microsoft has addressed a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed multiple Microsoft applications, including the Bing management portal, to unauthorized access. The vulnerability was discovered by Wiz Research which determined […]
Continue ReadingNetwrix announced additional findings for the financial and banking sector from its global 2022 Cloud Security Report. Compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. Indeed, 44 percent of respondents in this sector say their own IT staff poses the biggest risk […]
Continue ReadingIn this interview with Help net Security, Brad Jones, VP of Information Security at Seagate Technology, talks about cybersecurity trends organizations will be dealing with soon, particlularly concerning cloud misconfiguration, data classification, software vulnerabilities, and the cybersecurity skills gap. Cybersecurity risks are an ever-evolving issue for all organizations. What are the main ones we are […]
Continue ReadingTitania launched an independent research report that uncovers the impact of exploitable misconfigurations on the security of networks in the US federal government. The study, “The impact of exploitable misconfigurations on the security of agencies’ networks and current approaches to mitigating risks in the US Federal Government“, finds that network professionals report that they are […]
Continue Reading