Security News

A team at Temple University in Philadelphia has been tracking worldwide ransomware attacks on critical infrastructure, and anyone can request access to the data. An analysis of the data currently shows that government facilities were the most targeted type of critical infrastructure - followed at a distance by education and healthcare - and Maze was the most common ransomware strain.

As the COVID pandemic drives large enterprises to lean heavily on cloud computing solutions to enable their global workforce, Kublr and cloudtamer.io jointly announced an integration between their respective platforms to help customers better manage their cloud-native and container-based IT infrastructure. Cloudtamer.io provides a multi-cloud governance solution to make cloud account management, budget enforcement, and continuous compliance simpler for public and private sector organizations of all sizes.

Accurics unveiled a major upgrade to Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code. The new Terrascan architecture leverages the Open Policy Agent engine from CNCF, which dramatically simplifies policy definition for developers that want to create custom policies as well as provides over 500 out-of-the-box policies for the CIS Benchmark.

Red Hat OpenShift 4.5, which includes the general availability of OpenShift Virtualization, is designed to help organizations break down application barriers between traditional and cloud-native infrastructure and extend control over distributed resources. Red Hat OpenShift now includes OpenShift Virtualization, a new platform feature that enables IT organizations to bring standard VM-based workloads to Kubernetes, helping eliminate the workflow and development silos that typically exist between traditional and cloud-native application stacks.

Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems. A new report published by industrial cybersecurity company Claroty demonstrates multiple severe vulnerabilities in enterprise-grade VPN installations, including Secomea GateManager M2M Server, Moxa EDR-G902, and EDR-G903, and HMS Networks eWon's eCatcher VPN client.

Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems. A new report published by industrial cybersecurity company Claroty demonstrates multiple severe vulnerabilities in enterprise-grade VPN installations, including Secomea GateManager M2M Server, Moxa EDR-G902, and EDR-G903, and HMS Networks eWon's eCatcher VPN client.

Source code belonging to tens of companies, including several major organizations, has been leaked online after it was found on unprotected DevOps infrastructure. Kottmann told SecurityWeek that the source code they've made public, much of which appears to be proprietary, mostly comes from improperly configured or exposed DevOps infrastructure.

The U.S. National Security Agency and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency have issued a joint alert urging critical infrastructure operators to take immediate measures to reduce the exposure of operational technology systems to cyberattacks. The NSA and CISA say it's imperative that critical infrastructure asset owners and operators secure industrial control systems and other OT systems due to the high risk of cyberattacks launched by foreign threat actors.

This release further extends IoT and unmanaged device visibility and classification, enabling organizations to monitor for risks and proactively strengthen infrastructure via automated segmentation policy generation and enforcement. Ordr SCE discovers every connected device, maps communications patterns, and assesses risks.

Aviatrix, the cloud network platform, announced the sixth major release of its software designed for enterprises transforming their IT infrastructure to public cloud. "We knew from previous experience that the transit networking services offered by the cloud service providers did not consistently offer both the advanced networking and security controls we needed or the ability to support the multi-cloud network architecture we envisioned. Aviatrix delivered both and their single Terraform provider made it easy to fit Aviatrix software into our 'automate everything' culture and operational processes."