'

FBI Hacker Dropped Stolen Airbus Data on 9/11

FBI Hacker Dropped Stolen Airbus Data on 9/11

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI‘s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on … Read more

New Kubernetes vulnerability allows privilege escalation in Windows

New Kubernetes vulnerability allows privilege escalation in Windows

The latest version of Kubernetes released last month includes patches for an entire class of vulnerabilities that allow attackers to abuse the subPath property of YAML configuration files to execute malicious commands on Windows hosts. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai researcher Tomer … Read more

Using AI-generated code can lead to business risk

Using AI-generated code can lead to business risk

Little things can get you into big trouble. This has been true for all human history. One of the most famous descriptions of it comes from a proverb centuries ago that begins “For want of a nail the [horse]shoe was lost…” and concludes with the entire kingdom being lost “…all for the want of a … Read more

Severe Azure HDInsight flaws highlight dangers of cross-site scripting

Severe Azure HDInsight flaws highlight dangers of cross-site scripting

Security researchers have found eight serious cross-site scripting (XSS) flaws in Azure HDInsight, a big data processing service powered by open-source technologies like Apache Hadoop, Spark, Hive and Kafka running on Azure. The flaws could have allowed attackers to inject and execute malicious scripts in visitors’ browsers. “All XSS vulnerabilities posed significant security risks to … Read more

Partnering up on XDR: A rising tide lifts all security teams

Partnering up on XDR: A rising tide lifts all security teams

Security is a community effort; it takes a network of partners to ensure everyone is secure.   That’s why Cisco’s Extended Detection and Response (XDR) solution, launched in April, focuses on correlating telemetry from several third-party security vendors to increase interoperability and deliver consistent outcomes regardless of vendor or technology.    Security is a fragmented market, … Read more

Perception Point launches MSP program to help partners tackle threats

Perception Point launches MSP program to help partners tackle threats

Cybersecurity provider Perception Point has announced the launch of a new managed service provider (MSP) program to empower partners with dedicated, enterprise-level threat prevention, detection, and response. The tailored security offering is designed for MSPs and managed security service providers (MSSPs) to better protect their clients and streamline security operations, according to the vendor. Perception … Read more

Gigamon’s ‘Precryption’ to block attacks hiding behind encryption

Gigamon’s ‘Precryption’ to block attacks hiding behind encryption

With promises of unprecedented visibility into encrypted traffic across virtual machines (VM) and container workloads, deep observability company Gigamon has launched a new “Precryption” technology. Gigamon’s GigaVUE 6.4 will deploy the Precryption technology to enable IT and security teams to conduct encryption-centric threat detection, investigation, and response across the hybrid cloud infrastructure. “There’s encryption everywhere … Read more

Machine Learning is a Must for API Security

Machine Learning is a Must for API Security

Modern digital transformations have been fuelled by APIs, altering how many businesses and organizations run. However, the recent innovation and digital transformation wave have also opened up new attack surfaces for cybercriminals. Companies are forced to respond to an increase in API threats, but they quickly learn that traditional, static methods of API security are … Read more