Security News > 2021 > May
Kubestriker is an open-source, platform-agnostic tool for identifying security misconfigurations in Kubernetes clusters. It performs a variety of checks on a range of services and open ports on the Kubernetes platform, helps safeguard against potential attacks on Kubernetes clusters by continuously scanning, monitoring and alerting of any anomalies, allows users to see components of the Kubernetes infrastructure, and visualizes attack paths.
Ask the average helpdesk technician what they do all day, and they will probably answer by saying that they reset passwords. The first step in the password reset process involves a user picking up the phone and calling the helpdesk to request a password reset.
A strong case can be made that shoring up defenses requires "Automating out" the weakest link - i.e., humans - from any cloud that companies are entrusting with their data. In "Automating out the weak link," the ability of superusers or IT administrators - or of bad actors who have gained access to valid admin credentials - to manually interfere with sensitive data becomes non-existent, because human interaction is eliminated.
Businesses must focus on positively changing user behavior to improve their security posture. In order to do this, enterprises need to use contextualized, longitudinal learning to consistently educate users over time.
While there is awareness of password security best practices, there is still work to be done to put that awareness to full use, a Bitwarden survey reveals. While Americans are more likely to report being affected by a data breach in the last 18 months, 1 in 3 are more interested in having a password that is easy to remember versus being secure.
According to the index, which surveyed 902 organizations in the financial services sector, 74 percent have experienced a rise in cybercrime since the pandemic began, with 42 percent of banks and insurers revealing the remote working model has made them less secure. 44 percent were also concerned that this has led to less visibility of potential holes in their network or infrastructure and a further 37 percent of FIs believe their customers are now at greater risk of cybercrime or fraud.
To better defend their networks, systems, and devices from an ongoing barrage of attack techniques, healthcare organizations are increasingly turning to zero trust architecture, which does away with the traditional security perimeter, assuming that every user and every device on the network could potentially be malicious. Ransomware - widely prevalent in connected healthcare environments due to outdated and unpatched operating systems in myriad devices.
71% of CFOs surveyed believe that digital transformation investments are key to their company's success and 77% said they would help the CIO find a way to fund a new digital transformation project if the initiative delivered strong ROI, according to Rimini Street. Of the 80% of CFOs who expect their technology spending to increase in 2021, 46% say this growth in spending is being driven by new digital transformation investments.
Apple's problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise affecting iPhones, iPads and macOS devices. News of the latest compromise was included in a one-line mention in an advisory from Apple that documents fixes for a pair of WebKit security flaws that have been exploited on both iPhones and macOS computers.
Trend Micro announced an OT-native endpoint security solution, provided as part of its total security solution for smart factories. "The ugly truth of ICS endpoint security is that there has not been any security solution specifically designed for the high-availability needs of modernized equipment in the OT environment," said Akihiko Omikawa, executive vice president of IoT security for Trend Micro and chairman of TXOne Networks.