Vulnerabilities and Case Studies

TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks.

Kubernetes

Securing the Container Frontier: Kubernetes Trends Report 2025 Preview

From rapid-fire attack attempts to evolving defense strategies, our Kubernetes Security Report paints a vivid picture of a dynamic landscape. Check out the preview here.

Kubernetes security fundamentals: Networking

Even with all the variety possible in Kubernetes networking, one key point remains constant: in a Kubernetes cluster, all pods are able to communicate with all other pods by default. This is great for application management—it's this property, combined with service discovery, that allows applications to be deployed across large numbers of nodes while still being able to operate. However, the ability of all pods in a cluster to communicate with each other has some consequences for network security, as it means we generally start with a flat pod network that has no restrictions.

Why we need a unified approach to Kubernetes environments

Today, organizations struggle managing disparate technologies for their Kubernetes and network security needs. Leveraging multiple technologies for networking and security for in-cluster, ingress, egress, and traffic across clusters creates challenges, including operational complexities and increased costs.

Worth Knowing

2024 Cloud Threat Landscape Report: How does cloud security fail?

Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment.

MITRE's Latest ATT&CK Simulations Tackle Cloud Defenses

The MITRE framework's applied exercise provides defenders with critical feedback about how to detect and defend against common, but sophisticated, attacks.

The anatomy of a Toxic Combination of Risk

How to uncover potential threats and eliminate critical risks in your cloud environment.

Competitive Information and the Cloud Security Market

Mitiga secures $30M to expand cloud and SaaS incident response capabilities

Cloud incident response company Mitiga Security Inc. today announced that it has raised $30 million in new funding to drive growth, enhance its artificial intelligence-driven platform and forge strategic alliances.

Navigating the 2024 holiday season: Insights into Azure’s DDoS defense

The 2024 holiday season revealed a complex and evolving threat landscape for Distributed Denial-of-Service (DDoS) attacks. This year’s trends included advanced tactics such as an increase in DDoS-for-hire operations, the assembly of massive DDoS botnets by script kiddies, politically motivated attack campaigns, and the bypass of CDN (Content Delivery Network) protections among other evolving threats.