How I Got Pwned by My Cloud Costs

I have been, and still remain, a massive proponent of “the cloud”. I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could

White House hosts open-source software security summit in light of expansive Log4j flaw

Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to the widespread Log4j vulnerability that’s worrying industry and cyber leaders. Among the attendees are companies like Apple, Facebook and Google, as well as the Apache Software Foundation, which builds Log4j, a ubiquitous open-source logging framework for websites. “Building on the Log4j incident, the objective of this meeting is to facilitate an important discussion to improve the security of open source software — and to brainstorm how new collaboration could rapidly drive improvements,” a senior administration official said in advance of the meeting. The huddle convenes in light of a vulnerability discovered last month known as Log4Shell that could affect up to hundreds of millions of devices, and as federal officials, businesses and security researchers race to contain the potential fallout. It’s the latest of several Biden White House summits […]

The post White House hosts open-source software security summit in light of expansive Log4j flaw appeared first on CyberScoop.

How are DDoS protection mechanisms set up when confidential data is involved?

Scenario:
A hospital has the records of all patients. There is an online portal where patients can log in to see their personal medical data.
Since a hospital is an obvious target for any type of hack, the hospital decides to implement DDoS…

Infosec products of the month: December 2021

Here’s a look at the most interesting products from the past month, featuring releases from Action1, AwareGO, BlackBerry, Box, Castellan Solutions, Cloudflare, Code42, Cossack Labs, F5 Networks, Immuta, IriusRisk, MetricStream, MobileSphere, Nerdio, Ne…

Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular open-source Java-based logging utility that’s seemingly used by most enterpri…

Cloudflare joins Microsoft 365 Networking Partner Program to optimize user connectivity

Cloudflare announced it has joined the Microsoft 365 Networking Partner Program (NPP). Customers of Cloudflare’s Zero Trust platform, Cloudflare One, will now benefit from enhanced connectivity to Microsoft 365 services, enabling them to get faster per…

Cloudflare collaborates with leading cyber insurers to help businesses reduce their cyber risk

Cloudflare announced it is partnering with leading cyber insurance companies to help businesses manage their risks online. Eligible Cloudflare customers can qualify for discounts or other added benefits from insurance providers like At-Bay, Coalition, …

New infosec products of the week: December 10, 2021

Here’s a look at the most interesting products from the past week, featuring releases from Action1, Cloudflare, Code42, F5 Networks, NetQuest, Oxeye, SentinelOne and Tenable. SentinelOne Singularity Mobile combats mobile malware and phishing attacks Wi…