Security News
In this Help Net Security video, Dr. Pedram Hayati, Founder of SecDim, offers a technical write-up based on a secure programming challenge. The task was inspired by a major security breach that happened to a telco in Australia and offers lessons learned when it comes to hardening public API REST endpoints.
Open source tools are a key part of the Kubernetes security environment, with most companies using open source Kubernetes security software, research by ARMO has revealed. In a survey of The State of Kubernetes Open Source Security, 55% of respondents said they used at least some open source tools to keep their Kubernetes clusters safe; this includes those who use purely open source and those who mix open source and proprietary solutions.
Because of this, "Not every organization is hyper-focused on the subject of diversity and inclusion," MK Palmore, a director in Google Cloud's Office of the Chief Information Security Officer, told The Register. The infosec community - still mostly male and mostly white - needs diversity to produce better outcomes, Palmore said.
In brief A security researcher whose Google Pixel battery died while sending a text is probably thankful for the interruption - powering it back up led to a discovery that netted him a $70,000 bounty from Google for a lock screen bypass bug. Hungarian security researcher David Schütz said in a blog post that he made the discovery when powering up his Pixel 6 and forgetting his SIM's PIN code, requiring him to dig out the Personal Unlocking Key, or PUK, that would allow him to reset the PIN. After a reboot, his phone repeatedly hung on a "Pixel is starting" screen.
This Mark of the Web is an alternate data stream that contains information about the file, such as the URL security zone the file originates from, its referrer, and its download URL. When a user attempts to open a file with a MoTW attribute, Windows will display a security warning asking if they are sure they wish to open the file. After analyzing the files, Will Dormann, a senior vulnerability analyst at ANALYGENCE, discovered that the threat actors were using a new Windows zero-day vulnerability that prevented Mark of the Web security warnings from being displayed.
Private security firms in New York City have co-opted public resources - specifically trees - to track their guards as they make their rounds. According to Gothamist, a New York-focused news site, security contractors have been drilling into trees on public city streets to install signaling hardware to ensure that guards are following their patrol routes.
ESET's newest consumer product release has taken a comprehensive approach to security to guard against a full range of threats. For over 30 years, ESET® has created industry-leading IT security software and services, protecting businesses worldwide from ever-evolving digital threats.
Without visibility and control over a critical mass of an organization's entire SaaS app stack, security teams are flying blind. This is why it's important that all SaaS apps across the organization be managed at scale.
In this Help Net Security video, Rodman Ramezanian, Cloud Threat Lead at Skyhigh Security, talks about what we can expect in 2023 security-wise. Humans will continue to be in the crosshairs, as they are the number one contributors to breaches, either by compromised credentials, phishing or vishing, misuse, or the use of a misconfigured cloud account that leads to exposure of data.
Robotic Process Automation promises numerous benefits to organizations investing in it, including increased worker productivity, the automation of tedious and monotonous tasks, and improved efficiency. According to Deloitte, it's a market that will reach a value of more than $2.9 billion globally prior to 2023.