Microsoft exposes and disables Polonium activity targeting Israeli organizations
Microsoft has exposed and disabled a Lebanon-based Polonium cyber activity targeting Israeli organizations.
Cloud Security
Denonia malware targets AWS Lambda
A first of its kind malware dubbed Denonia has been targeting Amazon Web Services (AWS) Lambda, an event-driven, serverless computing platform.
DevSecOps best practices to secure cloud-native and microservices-based applications
The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204C “Implementation of DevSecOps for a Microservices-based Application with Service Mesh.” The guidelines include many best practices on how organizations and secure their CI/CD pipeline and enhance the software delivery processes.
NIST SP 800-204C: Implementation of DevSecOps for a Microservices-based Application with Service Mesh
he National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204C “Implementation of DevSecOps for a Microservices-based Application with Service Mesh.”
CISA: Take these urgent steps to protect your organization against potential critical cybersecurity threats
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new CISA Insights guideline document with steps organizations can take against potential critical cybersecurity threats.
Microsoft issues new guidance on OMI vulnerabilities within Azure VM Management extensions
Microsoft has published new guidance on Open Management Infrastructure (OMI) vulnerabilities within Azure virtual management (VM) Management extensions.
Pro-Ocean cryptojacking malware targets cloud applications
A new Pro-Ocean cryptojacking malware targets popular cloud applications including ApacheMQ, Oracle Weblogic and Redis. The malware contains four modules that execute to hide, mine cryptocurrency, watchdog and infect systems.
SQL Server malware “MrbMiner” attacks
Security researchers have identified the source of a SQL Server malware “MrbMiner” attacks allegedly tied to an Iranian software firm.
FireEye publishes Microsoft 365 tools and hardening strategies to defend against SolarWinds attackers
Security firm FireEye has published new Microsoft 365 tools and hardening strategies to defend against SolarWinds attackers, also known as UNC2452.
CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)
The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a ‘grave risk’ to critical infrastructure, government and private sector organizations.