Configuration Management Archives

Misconfigured Microsoft endpoint exposes sensitive data from 65K entities

Cloud Security, Configuration Management / By Frank Crast / October 21, 2022 / Azure, Blob Storage, BlueBleed, Bucket, Cloud, Cybersecurity Threat Center, SOCRadar

A misconfigured Microsoft endpoint has exposed sensitive data from 65,000 entities across 111 countries, researchers from SOCRadar have allegedly discovered.

cyber security, internet, hacking-3400555.jpg

DevSecOps best practices to secure cloud-native and microservices-based applications

Application Security, Cloud Security, Configuration Management, Cybersecurity Articles, Vulnerabilities & Exploits / By Frank Crast / March 12, 2022 / CI/CD, Cloud, Cybersecurity Threat Center, DevOps, DevSecOps, NIST, Service Mesh, SP 800-204C

The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204C “Implementation of DevSecOps for a Microservices-based Application with Service Mesh.” The guidelines include many best practices on how organizations and secure their CI/CD pipeline and enhance the software delivery processes.

NIST SP 800-204C: Implementation of DevSecOps for a Microservices-based Application with Service Mesh

Application Security, Cloud Security, Configuration Management, Standards & Guidelines / By Frank Crast / March 8, 2022 / DevSecOps, NIST, SP 800-204C

he National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204C “Implementation of DevSecOps for a Microservices-based Application with Service Mesh.”

Siloscape: The first malware to target Windows containers

Configuration Management, Malware, Vulnerabilities & Exploits / By Frank Crast / June 7, 2021

Researchers have discovered the first known malware dubbed “Siloscape” targeting Windows containers to open a backdoor into poorly configured Kubernetes clusters.

Threat actors target vulnerable critical SAP applications

Configuration Management, Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / April 6, 2021 / 10KBlaze, CISA, CVE-2020-6287, ERP, Onapsis, RECON, SAP

Security experts from Onapsis and SAP have released a new threat intel report for SAP customers that warns of cyber threat actors targeting unprotected SAP applications.

Microsoft and FireEye reveal new details on SolarWinds cyberattack

Configuration Management, Cybercrime, Cybersecurity Attacks / By Frank Crast / February 15, 2021 / FireEye, SolarWinds, UNC2452

Microsoft and FireEye have revealed new details on the infamous SolarWinds cyberattack used to spread a virus to 18,000 government and corporate computer networks.

NSA issues new guidance on encrypted DNS

Configuration Management, Cryptography, Cybersecurity Articles, Network Security / By Frank Crast / January 18, 2021 / DNS, DoH, NSA

The National Security Agency (NSA) has issued new guidance for adopting encrypted DNS over HTTPS dubbed “DoH.”

NSA: New guidance to eliminate obsolete TLS protocols

Authentication, Configuration Management, Cryptography, Cybersecurity Articles, Vulnerabilities & Exploits / By Frank Crast / January 9, 2021 / CNSA, DES, DHE, ECDH, ECDH/ECDHE, encryption, IDEA, NIST SP 800-52, NSA, NULL, RC2, RC4, SSL, TDES/3DES, TLS, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3

The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).

CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)

Cloud Security, Configuration Management, Cybersecurity Attacks, Data Breach, Malware, Security Updates & Patches, Third-Party Security, Vulnerabilities & Exploits / By Frank Crast / December 19, 2020 / APT, CISA, Cisco, Emergency Directive, Equifax, FireEye, Microsoft, NNSA, NSA, Nuclear, SolarWinds, Sunburst, Supply Chain, Symantec, Teardrop, UNC2452

The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a ‘grave risk’ to critical infrastructure, government and private sector organizations.

FBI: Cyberattackers target EOL Windows 7 systems

Configuration Management, Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / August 6, 2020 / BlueKeep, Cyberattack, EOL, EOS, FBI, Microsoft, WannaCry, Windows 7

The Federal Bureau of Investigation (FBI) issued a private industry notification warning that cyberattackers continue to target end of life (EOL) Windows 7 systems.