ACM.103 Provide access to S3 (and yum) in network rules without adding every S3 CIDR to maintain zero-trust networking This is a continuation of my series on Automating Cybersecurity Metrics. In the last post, I showed you how to access Git using a static IP addess (otherwise known as an EIP on AWS to add […]
Cyber News, Cyber Threat Trends
I was just updating my deployment script to add users to groups as part of my latest blog series on automated security metrics: Automating Cybersecurity Metrics (ACM) I added a user to the Developers group. I had an existing user named Developer, added a new user name Developer2 using my add to group code. After deploying my […]
Cyber News, Cyber Threat Trends
ACM.102 Ensuring only authorized IP addresses can access your private GitHub repositories This is a continuation of my series on Automating Cybersecurity Metrics. My last post explained how you can restrict SSH access on your local network to only authorized IP addresses. Local Firewall Rules to Connect to an AWS EIP via SSH Specifically, we […]
Cyber News, Cyber Threat Trends
Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers’ machines with a malware called W4SP Stealer. “The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22,” […]
Cyber News, Cyber Threat Trends
Microsoft is warning of an uptick in the nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has “observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability,” making it imperative that
Cyber News, Cyber Threat Trends
Vulnerability management vendor Qualys this week announced the trial availability of its TotalCloud with FlexScan offering, an agentless, cloud-native vulnerability detection and response platform designed for use in multicloud and hybrid environments. The software is designed to provide a holistic overview of an organization’s cloud-based workloads and identify known vulnerabilities. The system also scans workloads […]
Cyber News, Cyber Threat TrendsIn 1878, a 55-foot-long giant squid washed up on the shores of Glover’s Harbour, Newfoundland. It’s the largest giant squid ever recorded—although scientists now think that the size was an exaggeration or the result of postmortem stretching—and there’s a full-sized statue of it near the beach where it was found. As usual, you can also […]
Cyber News, Cyber Threat Trends
Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. Many LinkedIn profiles now display a creation date, and the company is expanding its domain validation offering, which allows users to publicly confirm […]
Cyber News, Cyber Threat Trends
That was the week that was…
Cyber News, Cyber Threat Trends