Microsoft has discovered a new large-scale attack targeting Kubeflow instances to deploy malicious TensorFlow pods, using them to mine Monero cryptocurrency in Kubernetes cluster environments. Kubeflow is a popular open-source framework often used for running machine learning tasks in Kubernetes. TensorFlow, on the other hand, is an open-source machine learning platform used for implementing machine learning in a Kubernetes environment.

This is a guest post collaboration between Squadcast & Threat Stack. The move to the cloud has rapidly expanded the cyber threat surface of modern cloud apps. This blog in partnership with Threat Stack, outlines how you can stay on top of your game with help of context-rich alerting & resolve security incidents rapidly along with few best practices to follow for faster incident response.

At Elastic, we internally use, test, and provide feedback on all of our products. For example, the Information Security team is helping the Product team build a stronger solution for our customers. The InfoSec team is an extremely valuable resource who acts not only as an extension of Quality Assurance/Testing, but also as a data custodian.

2020 was a challenging year for modern enterprises. In under a year, we experienced a decade's worth of transformation while a global pandemic raged on. And while the worst of COVID-19 will hopefully soon be behind us, the need to continuously transform our digital environment is unequivocally here to stay. We've already seen an example of this, thanks to a significant increase in data generated from across the business.

For the seventh instalment in our series of interviews asking leading technology specialists about their achievements in their field, we’ve welcomed the CEO of Transmosis, Chase Norlin to share his journey in the field of cybersecurity as well as his recommendations for those looking to start their career in cybersecurity.

Today, it’s more important than ever to secure your critical infrastructure. You just have to look at some of the large cyberattacks that occurred this year to understand why. In 2020, 80.7% of organizations suffered at least one successful cyberattack, and 35.2% suffered six or more. You must follow best practices to avoid being one of these victims.

Secrets management plays a critical role in keeping your pipelines and applications secure. While secrets management tools help, you need to implement best practices and processes to successfully manage secrets in a DevOps environment. Standardizing, automating and integrating these processes also helps secure secrets by reducing the chance of human error.

We’re extremely excited to announce we’ve agreed to acquire Vdoo, a leading, Israeli-based product security company with its roots in binaries and IoT/devices. Vdoo’s team and entire technology portfolio will be incorporated into JFrog, delivering a solution that truly unifies development and security teams with a holistic security approach.

Sunblock: Check. Life vest: Check. Zero trust security: Wait, what? Summer gives us all a little breathing room and a chance to relax. This summer, perhaps more than any other in our lifetimes, we’re all looking forward to loosening up. As we get a hint of normalcy, or at least what “normal” is going to look like now that we’re in the Everywhere Workplace, many people are letting their guards down. We want folks to relax. We really do.

Security and IT teams may be loathe to admit it, but security has historically been mostly a reactive affair. Security engineers monitored for threats and responded when they detected one. They may have also taken steps to harden their systems against breaches, but they didn’t proactively fight the threats themselves. That is changing as more and more teams add threat hunting as one pillar of their cybersecurity strategies.