The Impact of DevSecOps in Securing Cloud Native Apps
Read the original article here
DevSecOps practices enable enterprises to achieve a variety of strategic outcomes. The benefits that pertain to security in particular include:
- Identifying security and compliance violations earlier in app development
- Detecting vulnerabilities and malware proactively
- Minimizing attack surfaces and exploitable real estate
- Integrating security into the CI/CD pipeline
- Providing greater security assurance
- Tracking metrics that can improve development workflows
The state of the art
There is no single framework for DevSecOps. Both the concept and the practice continually evolve to keep pace with the innovations occurring in cloud native app development. This is particularly significant because, as new technologies like containers and serverless become mainstream, organizations need to ensure they assess and adopt new security practices and tools to secure these deployment paradigms. Adopting a DevSecOps posture enables security teams to be proactive against a constantly evolving threat surface.
However, two concepts that help form the core of the DevSecOps process are the development of the modern CI/CD pipeline, and the push to "shift left" by integrating security early into the development pipeline.
This modern cloud native development process comprises four distinct phases: Develop, Distribute, Deploy, and Run. The next few sections show how security can be incorporated into these phases in order to achieve the outcomes outlined earlier.
The Develop phase has emerged as one of the most critical in this modern process, because cloud native deployments are increasingly defined in all aspects by code, using artifacts such as Infrastructure-as-Code (IaC) and Kubernetes or application dependency manifests. However, these new ‘as code’ technologies have exposed a number of threat and attack vectors. A Unit 42 Cloud Threat Report from 2020 found that:
- 42% of CloudFormation and Terraform IaC templates are insecure
- 51% of Docker containers use insecure defaults
- 24% of hosts contain known vulnerabilities
- 43% of cloud databases are unencrypted
As these technologies grow in popularity, it is imperative to inject security in the Develop phase to identify security violations and address them early. The security activities to consider in this phase primarily include:
- IaC Scanning to detect security misconfigurations
- SAST to identify security issues in custom code
- SCA to gain visibility into licensing models for third-party libraries
- DAST to scan fully deployed applications
Please see the state-of-the-art SAST, DAST, IAST and SCA solutions we have to offer!
For Infrastructure as Code scanning please see: www.kics.io
Poland's CD Projekt delays results due to cyber attack
Read the original article here
WARSAW (Reuters) - Polish video games maker CD Projekt postponed the publication of its financial results for 2020 and the first quarter of 2021 as a result of a cyber attack that resulted in restricted access to its systems, the company said on Friday.
The cyber attack earlier this month compromised some of CD Projekt’s internal systems, including the source code to Cyberpunk 2077 and resulted in delaying the release of a patch for the game until the second half of March.
The company said on Friday it had moved the date of publication of its 2020 results to April 19 from March 30. The results for the first quarter of 2021 will be published on May 27, two days later than initially planned.
Shares in the company, which rose to fame on the back of the success of its medieval fantasy Witcher series, plunged at the end of last year due to Cyberpunk roll-out problems, after hitting a record high of 464.2 zlotys. They recovered some losses after a social media campaign against short sellers led some to close their positions.
Shares have lost almost 10% since the postponement of Cyberpunk’s patch earlier this week.
Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites
Read the original article here
A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads.
"The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Sophos researchers Gabor Szappanos and Andrew Brandt said in a write-up published today.
"In recent years, almost as much effort has gone into improvement of its delivery method as has gone into the NodeJS-based malware itself."
Dubbed "Gootloader," the expanded malware delivery system comes amid a surge in the number of infections targeting users in France, Germany, South Korea, and the U.S.