Written by Sean Lyngaas
Written by Sean Lyngaas
Written by Jeff Stone
Amazon unveils a new biometric ID technology, the Biden campaign takes aim at Facebook and iRobot’s co-founder joins a robotic gardening startup. This is your Daily Crunch for September 29, 2020.
In this post, I show you how to create isolated AWS Cloud9 environments for your developers without requiring ingress (inbound) access from the internet. I also walk you through optional steps to further isolate your AWS Cloud9 environment by removing egress (outbound) access. Until recently, AWS Cloud9 required you to allow ingress Secure Shell (SSH) access from authorized AWS Cloud9 IP addresses. Now AWS Cloud 9 allows you to create and run your development environments within your isolated Amazon Virtual Private Cloud (Amazon VPC), without direct connectivity from the internet, adding an additional layer of security.
The free content you are trying to access is for Members Only. If you’re already a member, simply login. Otherwise, please register to become a member of The Ethical Hacker Network and join the ranks of those we affectionately call EH-Netters. Soon you’ll be creating your own personal ethical hacker network.
There was a time when cyberattacks on identity and authentication infrastructures [like Active Directory (AD)] were immensely challenging to perform. A lot of forethought had to be put into devising a plan for the careful execution of attacks, and advanced technical knowledge of domains and networks was a requisite. Over time, with the advent of open-source pen testing tools, the knowledge gap and the complexities involved to carry out a full-scale cyberattack have narrowed drastically.
Catalin Cimpanu, writing for ZDNet: For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape. While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report. Just like the previous SIR reports, Microsoft has yet again delivered. Taking advantage of its vantage points over vast swaths of the desktop, server, enterprise, and cloud ecosystems, Microsoft has summarized the biggest threats companies deal with today in the face of cybercrime and nation-state attackers. The report is 88 pages long, includes data from July 2019 and June 2020, and some users might not have the time to go through it in its entirety. Below is a summary of the main talking points, Microsoft’s main findings, and general threat landscape trends.
For a change, we’re not going to talk about information security today. Instead, this is about industrial data analysis at the Chelyabinsk Pipe Rolling Plant (ChelPipe). Out of the blue? Not really. It’s actually another area of application for our innovations, and it goes by the name “trusted industrial data.”
World Wrestling Entertainment referee/talent liaison Drake Wuertz and Matt Morgan, WWE wrestler-turned-mayor of Longwood, Florida, have been coordinating to raise money for a QAnon-adjacent anti-child trafficking charity on company and city time, emails obtained by Motherboard show.
Zero Trust revolves around three key principles: verify explicitly, use least privileged access, and assume breach. Microsoft’s Advanced Compliance Solutions are an important part of Zero Trust.
Sometimes, I think there are three certainties in life: death, taxes, and some form of payment fraud. Security reporter Danny Palmer experienced this a little while ago, and has spent a significant amount of time tracking the journey of his card details from the UK to Suriname. His deep-dive confirmed that it is easy to become tangled up in fraud, even if you’re very careful. I myself have experienced one of the more peculiar forms of credit card theft, detailed below.
Surveillance company Palantir has revealed more details about how it contributes to U.S. Immigration and Customs Enforcement deportation operations in a clumsy attempt to prove that it does no such thing.
Today, Microsoft is releasing a new annual report, called the Digital Defense Report, covering cybersecurity trends from the past year. This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets. For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware.
Cube Dev, the open-source company behind Cube.js that is building a data platform to help developers by analytical application for both internal and external users, today announced that it has raised a $6.2 million seed round led by Bain Capital Ventures. Previous investors Eniac Ventures, Betaworks, Innovation Endeavors and Slack Fund also participated, in addition to new investors Uncorrelated Ventures and Overtime.vc.
—–BEGIN PGP SIGNED MESSAGE—–
—–BEGIN PGP SIGNED MESSAGE—–