The Hacker News Daily Updates

"14 Kubernetes and cloud security challenges and how to solve them."

Views expressed in this cybersecurity, cybercrime summary are those of the reporters and correspondents.  Accessed on 21 April 2023, 1448 UTC.  Content provided by email subscription to "The Hacker News Daily Updates."

Source:   https://mail.google.com/mail/u/0/#inbox/FMfcgzGsmDtkkpksnXflDCHdVzQFCCJC ("The Hacker News Daily Updates").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Hacker News Daily Updates

Unidirectional Security for Power Generation: Advanced Solutions Dramatically improve your security with Waterfall's Unidirectional Gateways and learn why they are essential to modern security programs for power generating utilities. Download Now Sponsored

LATEST NEWS Apr 21, 2023

14 Kubernetes and Cloud Security Challenges and How to Solve Them Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response, Uptycs, the ... Read More

N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "software supply chain attack lead to another ... Read More

Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result ... Read More

Two Critical Flaws Found in Alibaba Cloud's PostgreSQL Databases A chain of two critical flaws has been disclosed in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. "The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers' PostgreSQL databases and the ability to perform a supply ... Read More

Beyond Traditional Security: NDR's Pivotal Role in Safeguarding OT Networks Why is Visibility into OT Environments Crucial? The significance of Operational Technology (OT) for businesses is undeniable as the OT sector flourishes alongside the already thriving IT sector. OT includes industrial control systems, manufacturing equipment, and devices that oversee and manage industrial environments and critical infrastructures. In recent years, adversaries have recognized ... Read More

Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today. The findings are crucial, not least because it marks the first publicly documented example of ... Read More

Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a case of pre-authenticated command injection that could be abused to achieve code execution. ... Read More

ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them In the short time since their inception, ChatGPT and other generative AI platforms have rightfully gained the reputation of ultimate productivity boosters. However, the very same technology that enables rapid production of high-quality text on demand, can at the same time expose sensitive corporate data. A recent incident, in which Samsung software engineers pasted proprietary code into ... Read More

Unidirectional Security for Power Generation: Advanced Solutions Dramatically improve your security with Waterfall's Unidirectional Gateways and learn why they are essential to modern security programs for power generating utilities. Download Now Sponsored