Security News > 2020 > April
She explains "We bridge security and DevOps. DevOps is trying to learn how to run and configure Kubernetes. Security understands compliance and auditing, but does not understand the infrastructure enough to get that information." Beyond that, they don't even speak the language to ask the questions. There are certainly plenty of container security products; StackRox is one.
The Israeli government has issued an alert to organizations in the water sector following a series of cyberattacks aimed at water facilities. According to an alert published by Israel's National Cyber Directorate, the attacks targeted supervisory control and data acquisition systems at wastewater treatment plants, pumping stations and sewage facilities.
A collection of approximately 400,000 payment card records, mainly from South Korea and the United States, has emerged on the dark web this month, Group-IB reports. Uploaded on a popular darknet cardshop on April 9, this collection represents the largest sale of South Korean records on underground markets this year, the cyber-security company warns.
To use Cartdash users first selected what items they want from Instacart as normal. First, does this count as a hack? I feel like it is, since it's a way to subvert the Instacart ordering system.
The US National Security Agency and its Australian counterpart the Australian Signals Directorate have published a set of guidelines to help companies avoid a common kind of attack: web shell exploits. A web shell is a malicious program, often written in a scripting language like PHP or Java Server Pages, that gives an attacker remote access to a system and lets them execute functions on a victim's web server.
Kaspersky has teamed up with SecurityWeek to offer a virtual edition of the high-profile Security Analyst Summit. Kaspersky has rescheduled its in-person Security Analyst Summit for November 18-21, when the conference will take place in Barcelona, Spain, if the current coronavirus pandemic is contained.
The attacker can use this method to read the user's Teams messages, send messages on their behalf, create groups, add or remove users from a group, and change group permissions. The entire attack can be automated, allowing malicious actors to spread through an organization like a worm by using compromised accounts to send the malicious GIF to other Teams users.
Aside from plugging the security hole, the hotfix detects if the firewall was hit by attackers and, if it was, stops it from accessing any attacker infrastructure, cleans up remnants from the attack, and notifies administrators about it so that they can perform additional remediation steps. The zero-day affects all versions of XG Firewall firmware on both physical and virtual Sophos firewalls.
A vulnerability existed in Microsoft's Slack for Suits tool, Teams, that could have let a remote attacker take over accounts by simply sending a malicious GIF, infosec researchers claim. The rest of the Teams vuln was patched last Monday, 20 April.