Researchers have found that Kinsing malware gained access to Kubernetes servers by exploiting misconfigured and exposed PostgreSQL servers. The threat actors gained access by exploiting weakly configured PostgreSQL containers and vulnerable container images.
Tufin has promoted chief revenue officer Raymond Brancato to CEO and tasked him with simplifying visibility, compliance and automation for AWS and Azure. Brancato plans to focus on helping clients better understand their security posture in cloud, SD-WAN and SASE environments.
Rising offensive security star NetSPI has bought boutique penetration testing firm nVisium to help customers assess their cloud defenses. NetSPI says nVisium's deep understanding of specific cloud platforms will come in handy since Azure penetration testing differs from AWS pen testing.
Cybercrime on a global scale is spiraling out of control, and one industry above all seems to be in the crosshairs often: healthcare. Javvad Malik of KnowBe4 discusses how to improve a healthcare organization's security culture and the security awareness of its employees.
Although small to medium enterprises - SMEs - do not have the security resources larger enterprise possess, they face the same risks. Here are five reasons you should consider consolidating your tech as you strive to find an effective, sustainable security stack that also keeps costs in check.
"If we look at all of the types of issues with cloud breaches, it always comes down to misconfiguration," says Troy Leach of Cloud Security Alliance. "The challenge is: People try to treat cloud environments the same as they've always done on-premises, and that is unfair for both environments."
Pennsylvania-based nonprofit Maternal and Family Health Services this week revealed a ransomware attack in April 2022 that compromised patient medical and financial data. Information accessed in the breach includes names, addresses and Social Security numbers.
A municipal ambulance services provider that serves 15 cities in a Texas county has reported to federal regulators a ransomware breach potentially affecting 612,000 individuals, which is equivalent to nearly 30% of the county's 2.1 million population.
In the latest weekly update, ISMG editors discuss how collaboration platform Zoom has strengthened its security features, the implications of a new law on medical device security for patient safety, and details on how a zero-day exploit enabled the ransomware hit on cloud computing firm Rackspace.
Hosting giant Rackspace says the recent ransomware attack resulted in Microsoft Exchange data for 27 customer organizations being accessed by attackers. But it says a digital forensic investigation has found "no evidence" that attackers "viewed, obtained, misused or disseminated emails or data."
Seattle police have charged an online retailer's "shopping experience" software programmer with engineering a fraud scheme based on the movie "Office Space," in which malicious software was used to transfer a fraction of every transaction into an outside account.
A class action lawsuit against LastPass alleges that a data breach in August resulted in the theft of $53,000 in bitcoin. An unnamed plaintiff alleges that negligence in the password management company's data security practices led to the Thanksgiving weekend theft.
CircleCI, which is used by over 1 million developers to build, test and deploy software, has issued a brief security alert warning all customers to immediately "rotate any secrets stored in CircleCI" as it continues to probe a suspected two-week intrusion.
The latest edition of the ISMG Security Report analyzes why Meta has agreed to pay $725 million to settle a class-action lawsuit over users' personal data, how the median stock price dropped 40% among publicly traded security firms in 2022, and why an infrastructure change is needed in SOCs.
A member of a criminal data breach forum that tried to sell the email addresses of 400 million Twitter users to CEO Elon Musk last month has now posted the stolen data for anyone to download for free. The 63GB of data includes names, handles, creation dates, follower counts and email addresses.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.