Security News
Confluent for Kubernetes brings cloud-native capabilities to data streams in private infrastructures
Confluent announced Confluent for Kubernetes, a platform purpose-built to bring cloud-native capabilities to data streams in private infrastructures. To make it easier and faster to harness the value of data in motion across an entire organization, Confluent drew on its expertise managing thousands of Apache Kafka clusters in Confluent Cloud to offer the same cloud-native experience for on-premises environments.
The big news in critical infrastructure security is the ransomware-triggered shutdown of the Colonial gasoline pipeline - the largest such pipeline in the USA. The attack has been attributed to the DarkSide ransomware group. Even without evidence that the attack has migrated into ops, the organization might shut everything down in an abundance of caution, like they did in the Norsk Hydro attack in 2019.
South Korea's Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation's energy infrastructure. Minister of Trade, Industry and Energy Moon Seung-wook convened a meeting yesterday, saying it was needed considering the ransomware attack on the Colonial Pipeline that shuttered one of the USA's main oil transport facilities.
A cybersecurity expert discusses the many ways attackers could have gotten access to the Colonial Pipeline company and reminds us why the threat always looms. TechRepublic's Karen Roby spoke with Vyas Sekar, a professor in electrical and computer engineering at Carnegie Mellon University, about the Colonial Pipeline ransomware attack by the hacker group DarkSide.
Expert says there are several ways the hackers may have gotten access and how we can possibly prevent these attacks in the future.
Klarrio is now offering its customers the opportunity to use EU-hosted infrastructure for their cloud needs, selecting any of Exoscale's data center locations. Combining Klarrio's system integration expertise with Exoscale cloud infrastructure while adhering to initiatives such as Gaia-X will provide customers with best-of-breed technology and solutions.
A variety of attack tools by a variety of threat actors are involved in exploiting the Pulse Secure systems, including four variants of a novel malware family FireEye/Mandiant has named SLOWPULSE. Three of the four variants of SLOWPULSE allow attackers to bypass two-factor authentication mechanisms in the VPN system. There is no information yet as to whether or which industrial or critical infrastructure sites might have been targeted.
The sprawling SolarWinds cyberattack, which came to light last December, was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "skillful and methodic operators who follow operations security best practices to minimize traces, stay under the radar, and avoid detection." By analyzing telemetry data associated with previously published indicators of compromise, RiskIQ said it identified an additional set of 18 servers with high confidence that likely communicated with the targeted, secondary Cobalt Strike payloads delivered via the TEARDROP and RAINDROP malware, representing a 56% jump in the attacker's known command-and-control footprint.
Red Balloon Security announced an expanded and customizable set of offerings for critical infrastructure and a range of industries - including energy, industrial control systems, building management systems, automotive, and telecommunications. Red Balloon Security is launching a portfolio of solutions combining its expertise with its advanced suite of technologies for embedded devices.
The coronavirus pandemic accelerated trends that had slowly been changing businesses everywhere, transforming remote work from a perk to a necessity and sending even more of our data, applications, and day-to-day activities into the cloud. The most obvious pain point that many organizations are working through is how to manage workforce transformation, specifically when it comes to authenticating and monitoring remote user identities.