Security News

The Federal Bureau of Investigation has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations from US critical infrastructure sectors. "The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors," the federal law enforcement agency said.

Threats to the supply chain can take many forms, including malware attacks, piracy, unauthorized access to enterprise resources and data, and unintentional or maliciously injected backdoors in software source code. This means putting security at the center of the supply chain and making it a foundational element.

It followed this up with a memorandum on improving cybersecurity for critical infrastructure control systems. Cities don't often have the expertise or resources to secure systems well or monitor for these kinds of attacks, and the attackers only have to succeed once.

Security researchers have checked the web's public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities. You can be reasonably confident that your bank website is actually your bank website when it presents your browser with an end-user or leaf certificate that's linked through a chain of trust to an intermediate certificate and ultimately the X.509 root certificate of a trusted CA. Each browser relies on a trust store consisting of a hundred or so root certificates that belong to a smaller set of organizations.

In the coming years, organizations will deploy, operate, and scale digital infrastructure to ensure consistent security, performance, and compliance across all resources, regardless of where and how they are deployed. These organizations will invest in more intelligent, autonomous operations and take advantage of flexible consumption and strategic vendor partnerships to promote agility and ensure that the business, and its digital infrastructure, can continue to perform in the face of a wide range of unexpected scenarios - social, geopolitical, economic, climate, or business related.

While cybersecurity firms are often the first port of call for business leaders desperate for answers, the crucial role of software providers should not be overlooked. The first step to understanding the importance of industrial software providers is realizing their central role in the cybersecurity ecosystem.

Ransomware attacks on industrial environments have increased by 500 per cent in three years, and it's unlikely the criminals responsible are going to slow down anytime soon. If cyber-attackers are smart, is it possible to beat them with something even smarter? Something like AI? And is it possible to predict what the next wave of attacks will look like and prepare now?

CISA and the NSA shared guidance on securing cloud-native 5G networks from attacks seeking to compromise information or deny access by taking down cloud infrastructure. The two federal agencies issued these recommendations for service providers and system integrators that build and configure 5G cloud infrastructure, including cloud service providers, core network equipment vendors, and mobile network operators.

It's a matter of going after those with deep pockets. Cloudflare was sued in November 2018 by Mon Cheri Bridals and Maggie Sottero Designs, two wedding dress manufacturers and sellers that alleged Cloudflare was guilty of contributory copyright infringement because it didn't terminate services for websites that infringed on the dressmakers' copyrighted designs.

CloudLinux launched a new open-core project - KuberLogic - software that allows DevOps to set up scalable, self-healing PaaS on top of your Kubernetes cluster. Available on GitHub, KuberLogic allows administrators to run and deploy key open-source components with simple configurations and high availability.