July 25, 2024 at 02:39AM Zest Security aims to revolutionize cloud risk resolution with its AI-powered platform, streamlining the process by identifying and eliminating vulnerabilities and misconfigurations. Existing manual methods take 30-60 days per risk and often lead to 80% resurfacing. The company raised $5 million from investors and boasts co-founders with extensive experience in … Read more
January 10, 2024 at 06:26PM Adversary exploiting two known misconfigurations in big data technologies to deploy Monero cryptominer. Based on the meeting notes, the key takeaways are: – The adversary is taking advantage of two known misconfigurations in big data technologies – The purpose of this exploitation is to deploy a Monero cryptominer Full Article
December 18, 2023 at 10:39AM SaaS has become crucial for corporate IT, with service businesses almost entirely reliant on it. However, this shift has attracted threat actors. Trends for 2024 include democratization of SaaS, the importance of ITDR, cross-border compliance, misconfiguration risk, third-party app reliance, and remote device security. SSPM tools like Adaptive Shield are … Read more
November 6, 2023 at 03:10PM Aqua Security has announced that its open source solution, Trivy, now includes vulnerability scanning for Kubernetes components. This helps companies understand the security of their Kubernetes environment and reduce risk. Trivy also supports Kubernetes Bill of Materials (KBOM) generation, allowing users to track cluster security changes over time. Aqua will … Read more
November 4, 2023 at 01:08PM The increased attacks on cloud infrastructure and services have created a scenario where successful breaches affect both cloud providers and users. To better protect public cloud resources, organizations need to adopt new ways of thinking, understand likely attack vectors, and collaborate closely with their cloud service providers. Misconfigurations and stolen … Read more
October 13, 2023 at 10:57AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shared new details about vulnerabilities exploited by ransomware groups in order to help critical infrastructure organizations defend against attacks. Through its Ransomware Vulnerability Warning Pilot program, CISA has identified over 800 vulnerable systems frequently targeted by ransomware operations. CISA has also … Read more
October 13, 2023 at 10:12AM The US cybersecurity agency CISA has released two new resources to help organizations identify and eliminate security flaws targeted by ransomware groups. The resources include a column in the Known Exploited Vulnerabilities catalog that flags flaws associated with ransomware campaigns, and a table on the StopRansomware project’s website listing misconfigurations … Read more