Security News > 2021 > September

A Dimensional Research survey shares Kubernetes best practices and key insights about the rapidly growing and evolving use of Kubernetes within businesses. The findings of the survey highlight the need for continued innovation in the way Kubernetes and its related ecosystem are used and managed in real production environments in order to further bridge the gap between Information Technology Operations and Development Operations teams across organizations.

Ponemon Institute surveyed 597 IT and IT security professionals to understand how COVID-19 has affected the way healthcare delivery organizations protect patient care and patient information from increasingly virulent cyberattacks, especially ransomware. For the first time, this research shows that ransomware attacks on healthcare organizations may have life-or-death consequences.

Nearly two-thirds of enterprises are concerned about how much time is spent managing certificates. The typical enterprise says as many as 1,200 of its certificates are actually unmanaged, and 47% say they frequently discover so-called "rogue" certificates.

This is according to a study launched by Exasol, which found 50% of CDOs believe the value of their role is not yet recognized in the business world, while 46% say that organizations' expectations for the CDO role are too high and are misinformed. The study, which aims to help employers and aspiring CDOs increase their chances of carving out a successful position, supports this in finding 17% of the CDOs surveyed had only stayed in their previous role for between one and two years.

Microsoft is relaxing its app store policies for Windows, and the redesigned marketplace will meet the needs of customers and developers across a variety of app experiences. With Windows 11, Microsoft has opened up its store to developers using different types of frameworks, packaging technologies, and commerce platforms.

The U.S. Cybersecurity and Infrastructure Security Agency and the National Security Agency have released guidance for hardening the security of virtual private network solutions. The two agencies created the document to help organizations improve their defenses, particularly against attacks from nation-state adversaries, who in the past have exploited bugs in VPN systems to "steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."

Some perpetrators hire cheap human labor to stage larger-scale account takeover attacks. Hacker intervention can occasionally circumvent standard authentication measures for blocking account takeover fraud.

Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems. Tracked as CVE-2021-26084, the vulnerability concerns an OGNL injection flaw that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance.

HTTPS, short for secure HTTP, relies on the encryption protocol known as TLS, which is short for Transport Layer Security. Many high-traffic sites were afraid of HTTPS because of the extra time taken by the "cryptographic dance" demanded by the protocol every time a visitor arrived at the site, and because of the need to encrypt and decrypt every byte sent and received thereafter.