Cloud Security Regulations in Financial Services
Sysdig
by Rayna Stamboliyska
2d ago
As the financial sector continues to adopt cloud technology, regulatory frameworks such as the updated NIS2 Directive and the Digital Operational Resilience Act (DORA) are shaping the cybersecurity landscape. Every second counts in such a complex environment: attackers can move quickly in the cloud, so defenders must change their strategies and tools to keep up. The financial sector has always been a prime target for cyber attacks, with the average breach costing almost 6 million US dollars. This makes cloud security regulations in financial services more important than ever. Cybersecurity is ..read more
From Air Force to Sysdig: A Career in Cybersecurity
Sysdig
by Crystal Morin
6d ago
Growing up as a small-town science nerd with a goal of solving crimes, never in a million years did I think I’d be where I am today. I always had a passion for math and science when I was in high school. For that reason, I went to college for forensic science. The television show CSI was also wildly popular when I was younger, so that might have played into my desire to work in a crime lab, doing ballistics or blood spatter analysis. For many reasons, that didn’t work out. I dropped out of school and joined the Air Force. When I joined the military, I knew I wanted to find a position tha ..read more
Why Runtime Security Should be a Top Priority for CISOs
Sysdig
by Matt Stamper
1w ago
Occasionally, you get exposed to something so logical that you literally take pause and smile quizzically asking yourself “Why didn’t I think of this before?” I have had this reaction on several occasions. This happened when I read Sounil Yu’s Cyber Defense Matrix and the logical way that it provided actionable insights on how to use the NIST Cybersecurity Framework across different asset classes (e.g., applications, data, networks, users, and devices). Sounil’s approach just made sense and, as a CISO, we need things that make sense and are actionable. Ours is a noisy profession and CISOs suf ..read more
Active Cloud Risk: Why Static Checks Are Not Enough
Sysdig
by Ryan Davis
1w ago
How would you feel about your home security system if it only checked to see if your doors and windows were locked periodically? This security system would provide great visualizations of your house and how a criminal could get from one room to another, ultimately reaching one of your prized possessions, like a safe. However, it doesn’t have cameras on your doorbell or windows to alert you in real time when someone suspicious was approaching, or worse, trying to break into your house. Would you be satisfied with it? This is the same reason why you should not be content with static checks on y ..read more
What’s New in Kubernetes 1.30?
Sysdig
by Nigel Douglas
1w ago
Kubernetes 1.30 is on the horizon, and it’s packed with fresh and exciting features! So, what’s new in this upcoming release? Kubernetes 1.30 brings a plethora of enhancements, including a blend of 58 new and improved features. From these, several are graduating to stable, including the highly anticipated Container Resource Based Pod Autoscaling, which refines the capabilities of the Horizontal Pod Autoscaler by focusing on individual container metrics. New alpha features are also making their debut, promising to revolutionize how resources are managed and allocated within clusters. Watch out ..read more
The Hidden Economy of Open Source Software
Sysdig
by Nigel Douglas
1w ago
The recent discovery of a backdoor in XZ Utils (CVE-2024-3094), a data compression utility used by a wide array of various open-source, Linux-based computer applications, underscores the importance of open-source software security. While it is often not consumer-facing, open-source software is a critical component of computing and internet functions, such as secure communications between machines. Open source software (abbreviated as OSS) has become a cornerstone of the tech industry, influencing everything from small startups to global corporations. Despite its ubiquitous presence and foundat ..read more
Building Honeypots with vcluster and Falco: Episode II
Sysdig
by Jason Andress
2w ago
This is part two in our series on building honeypots with Falco, vcluster, and other assorted open source tools. For the previous installment, see Building honeypots with vcluster and Falco: Episode I. When Last We Left our Heroes In the previous article, we discussed high-interaction honeypots and used vcluster to build an intentionally-vulnerable SSH server inside of its own cluster so it couldn’t hurt anything else in the environment when it got owned. Then, we installed Falco on the host and proceeded to attack the SSH server, watching the Falco logs to see the appropriate rule trigger whe ..read more
RUBYCARP: A Detailed Analysis of a Sophisticated Decade-Old Botnet Group
Sysdig
by Sysdig Threat Research Team
2w ago
The Sysdig Threat Research Team (Sysdig TRT) recently discovered a long-running botnet operated by a Romanian threat actor group, which we are calling RUBYCARP. Evidence suggests that this threat actor has been active for at least 10 years. Its primary method of operation leverages a botnet deployed using a variety of public exploits and brute force attacks. This group communicates via public and private IRC networks, develops cyber weapons and targeting data, and uses its botnet for financial gain via cryptomining and phishing. This report explores how RUBYCARP operates and its motivations. ..read more
CVE-2024-3094: Detecting the SSHD backdoor in XZ Utils
Sysdig
by Michael Clark
3w ago
On March 29th, 2024, a backdoor in a popular package called XZ Utils was announced on the Openwall mailing list. This utility includes a library called liblzma which is used by SSHD, a critical part of the Internet infrastructure used for remote access. When loaded, the CVE-2024-3094 affects the authentication of SSHD potentially allowing intruders access regardless of the method. Affected versions: 5.6.0, 5.6.1 Affected Distributions: Fedora 41, Fedora Rawhide *At the time of this writing Background A malicious threat actor was able to commit code to the XZ Utils Github repository on February ..read more
The SEC Cybersecurity Disclosure Rules – Our Take
Sysdig
by Michael Isbitski
1M ago
The SEC cybersecurity disclosure rules have put a spotlight on the issue of cybersecurity within organizations. The core of the rules and related guidance can be found in the article “Assess Your Readiness Now for the SEC Cybersecurity Disclosure Rules.” The SEC cybersecurity disclosure rules should help build momentum around the importance of governance and risk management, relevant expertise, and timely incident disclosure that are fundamental to cybersecurity programs. The disclosure rules won’t address all the inherent challenges of cybersecurity. But it’s worth further examination into th ..read more