Security News

WFH is the new religion – though blind faith isn’t enough to keep your infrastructure secure
2020-09-21 09:00

Workers - and the tech and security teams that support them - had to "improvise" just to keep organisations operating at all, meaning security was, for some perhaps, an afterthought. Our friends at cloud native security experts ExtraHop have identified ten key threats any security pro should be aware of, and the techniques to tackle them, and they'd love to share them with you.

GAIA-X to strengthen European digital infrastructure sovereignty
2020-09-17 03:00

The GAIA-X Initiative announced that it is one step closer to its goal of a trustworthy, sovereign digital infrastructure for Europe, with the official signing of incorporation papers for GAIA-X AISBL, a non-profit association that will take the project to the next level. "We are deeply motivated to meet the challenges of the European digital economy," said Servane Augier, COO at 3DS OUTSCALE. "Through GAIA-X, we are building, all together, a sovereign and reliable digital infrastructure and an ecosystem for innovation in Europe. In this way, we will strengthen the digital sovereignty of businesses, research and education, governments and society as a whole."

University Project Tracks Ransomware Attacks on Critical Infrastructure
2020-09-12 11:43

A team at Temple University in Philadelphia has been tracking worldwide ransomware attacks on critical infrastructure, and anyone can request access to the data. An analysis of the data currently shows that government facilities were the most targeted type of critical infrastructure - followed at a distance by education and healthcare - and Maze was the most common ransomware strain.

Kublr and cloudtamer.io integrate their platforms to offer budget tracking across any infrastructure
2020-08-18 23:15

As the COVID pandemic drives large enterprises to lean heavily on cloud computing solutions to enable their global workforce, Kublr and cloudtamer.io jointly announced an integration between their respective platforms to help customers better manage their cloud-native and container-based IT infrastructure. Cloudtamer.io provides a multi-cloud governance solution to make cloud account management, budget enforcement, and continuous compliance simpler for public and private sector organizations of all sizes.

Terrascan open source software helps developers build secure cloud infrastructure
2020-08-18 04:30

Accurics unveiled a major upgrade to Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code. The new Terrascan architecture leverages the Open Policy Agent engine from CNCF, which dramatically simplifies policy definition for developers who want to create custom policies, and it provides over 500 out-of-the-box policies for the CIS Benchmark.

Red Hat OpenShift 4.5: Breaking down app barriers between traditional and cloud-native infrastructure
2020-08-18 00:00

Red Hat OpenShift 4.5, which includes the general availability of OpenShift Virtualization, is designed to help organizations break down application barriers between traditional and cloud-native infrastructure and extend control over distributed resources. Red Hat OpenShift now includes OpenShift Virtualization, a new platform feature that enables IT organizations to bring standard VM-based workloads to Kubernetes, helping eliminate the workflow and development silos that typically exist between traditional and cloud-native application stacks.

Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures
2020-07-29 04:12

Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations, primarily used to provide remote access to operational technology networks, that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems. A new report published by industrial cybersecurity company Claroty demonstrates multiple severe vulnerabilities in enterprise-grade VPN installations, including Secomea GateManager M2M Server, Moxa EDR-G902 and EDR-G903, and HMS Networks eWon's eCatcher VPN client.

Source Code From Major Firms Leaked via Unprotected DevOps Infrastructure
2020-07-28 11:31

Source code belonging to tens of companies, including several major organizations, has been leaked online after it was found on unprotected DevOps infrastructure. Kottmann told SecurityWeek that the source code they've made public, much of which appears to be proprietary, mostly comes from improperly configured or exposed DevOps infrastructure.

NSA, CISA Urge Critical Infrastructure Operators to Secure OT Assets
2020-07-24 14:04

The U.S. National Security Agency and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency have issued a joint alert urging critical infrastructure operators to take immediate measures to reduce the exposure of operational technology systems to cyberattacks. The NSA and CISA say it's imperative that critical infrastructure asset owners and operators secure industrial control systems and other OT systems due to the high risk of cyberattacks launched by foreign threat actors.