What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
TechRepublic.webp 2020-11-12 16:04:56 How to check your Kubernetes YAML files for best practices (lien direct) Jack Wallen shows you how to install a YAML linter that helps you craft container and pod manifests that adhere to best practices. Uber
WiredThreatLevel.webp 2020-11-10 12:00:00 Who's Still Covered by California's Gig Worker Law? (lien direct) Uber and Lyft led a ballot measure that exempts them from AB 5. But millions of janitors, retail workers, and others are still covered by the statute. Uber
WiredThreatLevel.webp 2020-11-04 21:04:54 With $200 Million, Uber and Lyft Write Their Own Labor Law (lien direct) Following a well-funded campaign, California voters approved Proposition 22 - allowing gig economy companies to keep treating workers as independent contractors. Uber
SecurityAffairs.webp 2020-10-30 18:17:41 5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy (lien direct) Organizations and security incidents in Kubernetes environments, these are 5 key components of the control plane that demand special attention Organizations are no strangers to security incidents in their Kubernetes environments. In its State of Container and Kubernetes Security Fall 2020 survey, StackRox found that 90% of respondents had suffered a security incident in their […] Uber
Veracode.webp 2020-10-29 13:04:48 A Software Security Checklist Based on the Most Effective AppSec Programs (lien direct) Veracode's Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security. The research is based on a survey of nearly 400 developers and security professionals, which explored the dynamic between the roles, their trigger points, the extent to which security teams understand modern development, and the buying intentions of application security (AppSec) teams. As the presenters went through the data, it led to a larger discussion about AppSec best practices and what steps organizations can take to mature their programs. Here are the best practices laid out during the presentation as an easy-to-follow checklist as well as supporting data from the ESG report. Application security controls are highly integrated into the CI/CD toolchain. In the ESG survey, 43 percent of organizations agreed that DevOps integration is most important to improving AppSec programs, but only 56 percent of respondents answered that they use a highly integrated set of security controls throughout their DevOps process. Integrating security measures into the CI/CD toolchain not only makes it easier for developers to run AppSec tests, but it also helps organizations discover security issues sooner, which speeds up time to deployment. Application security best practices are formally documented. In order to have a successful AppSec program, everyone needs to be on the same page regarding best practices. The CISO should help facilitate the formal documentation of AppSec best practices. Developers and security professionals can reference the list and use it to guide their decisions. 
Application security training is included as part of the ongoing development security training program. Developers have been increasingly tasked with implementing security measures, including writing secure code and remediating vulnerabilities. Most developers don't receive secure code training courses in college, so it is up to organizations to offer security training. But according to the survey, more than 20 percent of organizations only provide training when developers join the team. Developers should have multiple, at-leisure training opportunities throughout the year, like virtual or hands-on programs - such as Veracode Security Labs. Chris Wysopal pointed out the importance of human touchpoints as part of ongoing developer training. If someone is checking in on developers to make sure they're completing their training, they'll likely take it more seriously. Consider a security champions program. The security champions are developers who have an interest in learning about security. If you have at least one security champion on every scrum team, that person can help ensure that their peers are up to speed on the latest security training and best practices. Ongoing developer security training includes formal training programs, and a high percentage of developers participate. At-leisure security training is a great way for developers to learn on their own time. But it is also important to implement formal security training with a set completion date and a skills assessment. Without formal security training, developers may not develop the skills they need to write secure code and remediate vulnerabilities. This could lead to slower and more expensive deployments because of rework or vulnerable code being pushed to production. Accordin Tool Vulnerability Guideline Uber
TechRepublic.webp 2020-10-26 10:48:20 Microsoft Azure: This new technology allows you to manage Kubernetes containers across the hybrid cloud (lien direct) Kubernetes applications can now exploit the cluster and virtualisation technologies that power Azure Stack HCI while still respecting local data. Uber
TechRepublic.webp 2020-10-21 19:19:33 94% of organizations run into Kubernetes challenges (lien direct) Despite issues, a new report from D2iQ predicts production projects using Kubernetes will rise 61% in the next two years. Uber
WiredThreatLevel.webp 2020-10-20 11:00:00 The Fate of Gig Workers Is in the Hands of California Voters (lien direct) A ballot measure would create a new classification for people who have been contractors. Uber and Lyft threaten to leave the state if it fails. Uber
AlienVault.webp 2020-10-19 11:00:00 PSPs vs. OPA Gatekeeper: Breaking down your Kubernetes Pod security options (lien direct) This blog was written by an independent guest blogger. Organizations are increasingly turning to Kubernetes, but they’re having trouble balancing security in the process. In its State of Container and Kubernetes Security Fall 2020 survey, for instance, StackRox found that 91% of respondents were using Kubernetes to orchestrate their containers and that three quarters of organizations were using the open-source container-orchestration system in production. Even so, nine in 10 respondents told StackRox in its poll that they had experienced a security event in their container and Kubernetes environment in the last 12 months. Two-thirds of organizations said those incidents had involved a misconfiguration. These findings highlight the need for organizations to enhance the security of their Kubernetes environments against misconfiguration incidents. In this blog post, we’ll narrow our focus and discuss how one type of misconfiguration in particular—embracing default pod communication—endangers organizations’ security. We’ll then discuss how organizations can use either Pod Security Policies (PSPs) or OPA Gatekeeper to ensure the security of their pods. Understanding the Security Challenges of Pod Communication To understand the security challenges inherent in default Kubernetes pod communication, it’s important that we first define what a pod is and does. Pods consist of one or more containers, shared storage/network resources and specifications for running those containers, according to the Kubernetes website. When framed in Docker terms, pods act as groups of Docker containers that share namespaces and filesystem volumes. These small computing units help organizations to group containers together and have these resources collaborate on specific projects or sets of work. 
Where organizations run into challenges is the way in which pods communicate by default. As noted elsewhere on Kubernetes website, the standard configuration for pods is non-isolated in that they are capable of accepting traffic from any source. This is a problem, as this type of open communication potentially enables malicious actors to abuse the Kubernetes environment for nefarious purposes. Digital attackers could stage an attack in which they create a malicious container and use that to compromise its corresponding pod, for instance. That actor could then abuse unrestricted communication between pods to move laterally throughout the Kubernetes environment, deploying cryptominers and installing infostealing malware along the way. Using Security Context to Address These Challenges Fortunately, organizations can address these security challenges associated with pods using what are known as security contexts. Kubernetes notes on its site that security contexts function as configurations that help to define the security properties of a pod or a container. These configurations include access controls that govern who can access a pod or container and whether a Kubernetes resource is privileged. With the right security contexts, organizations can therefore prevent unauthorized actors from gaining access to a container, from elevating privileges on a compromised resource and from moving laterally on the network. Enforcing Security Context with Pod Security Policies When it comes time to enforce a security context, organizations may choose to use pod security policies (PSPs). These cluster-level resources manage the specifications under which a pod is allowed to run on a s Malware Uber
TechRepublic.webp 2020-10-09 17:50:04 How to become a Kubernetes expert (lien direct) Learn how to maximize this popular container management system to meet your organization's needs. Uber
CSO.webp 2020-10-05 03:00:00 Uber breach case a 'watershed moment' for CISOs' liability risk (lien direct) Since former Uber CSO Joe Sullivan was charged in August with two felonies for failing to report a 2016 breach that exposed 607,000 personal records, CISOs are scrambling to determine their own personal liability for breaches in their organizations. The charges - obstruction of justice and misprision of a felony (failure to report a crime) - carry with them the potential of jail time of up to five years and three years, respectively. Uber
TechRepublic.webp 2020-09-28 13:00:01 How to transition a developer career into Kubernetes (lien direct) Developers wanting to upskill, or possibly even tackle a new job can make the shift into the automated container deployment, scaling, and management of Kubernetes. Uber
AlienVault.webp 2020-09-22 11:00:00 Why misconfigurations are such an issue in your containers and Kubernetes (lien direct) This blog was written by an independent guest author. Organizations are increasingly incorporating containers and Kubernetes into their IT infrastructure. As reported by ZDNet, Flexera’s “2020 State of the Cloud Report” found that about two-thirds (65%) of organizations were using Docker and that another 14% intended to begin using it at some point. Slightly fewer organizations (58%) were using Kubernetes at the time of the survey, by comparison, with 22% of participants saying they planned to adopt it. Even so, misconfigurations with both containers and Kubernetes are posing a problem. StackRox’s “State of Kubernetes and Container Security Winter 2020” report found that nearly all (94%) of respondents had experienced a security incident in their container environments over the past 12 months, per Security magazine’s coverage. The majority (69%) of those security events amounted to a misconfiguration incident, followed by runtime issues and vulnerabilities at 27% and 24%, respectively. In keeping with those experiences, 61% of survey participants cited misconfigurations as their most worrisome security risk for their container and Kubernetes environments followed by vulnerabilities (27%) and runtime attacks (12%). These findings beg the question: why are misconfigurations such an issue for organizations’ Kubernetes and container environments? This blog post will answer this question by first defining containers and Kubernetes and explaining the benefits of each technology. It will then explore how misconfigurations open the door for attacks from malicious actors. Finally, it will briefly provide a few recommendations on how organizations can reduce the probability of suffering a misconfiguration incident. Why use containers and Kubernetes? According to CIO, a container contains everything that’s needed to run a software program. 
It includes an application along with its dependencies, libraries and other components. Bundling these components together enables a container to run regardless of the system’s OS distribution or the underlying infrastructure. Those aren’t the only benefits of containers, either. Containers might be only tens of megabytes in size, for instance. A server can therefore host more containers than virtual machines, notes CIO, as a virtual machine consists of an entire OS that might be several gigabytes in size. Consequently, virtual machines usually take several minutes to boot up and begin running, while containers can run almost instantly. This quality makes containers more dynamic in that organizations can spin them up and wind them down at a moment’s notice. Finally, organizations can take advantage of containers’ smaller size and dynamism to split an application into several modules that extend across several containers. Under this approach, developers can make changes to a module and deploy them without needing to redesign the whole app. As the number of containers grows, organizations need some way of managing them all in an organized fashion. That’s where Kubernetes comes in as an orchestration platform. Per its website, Kubernetes enables organizations to manage their containerized workloads and services. It allows organizations to load balance and distribute network traffic in order to stabilize a deployment. It also enables organizations to restart containers that fail and kill those Malware Uber
WiredThreatLevel.webp 2020-09-21 12:00:00 Could a Century-Old TB Shot Protect Against Other Respiratory Diseases? (lien direct) A trial in Greece shows a long-used tuberculosis vaccine may cut respiratory infections, raising hopes for similar protection against Covid-19. Uber
TechRepublic.webp 2020-09-17 20:20:31 How to easily deploy LAN-accessible pods to a Kubernetes cluster (lien direct) If deploying a LAN-accessible pod to a Kubernetes cluster has you pulling out your hair, let Jack Wallen show you how easy it actually is. Uber
WiredThreatLevel.webp 2020-09-17 18:55:26 Why Wasn't Uber Charged in a Fatal Self-Driving Car Crash? (lien direct) Authorities charged the vehicle's "safety driver" with criminal negligence, but not the company that developed the technology. Uber
WiredThreatLevel.webp 2020-09-15 19:14:39 Anime Avatars Are Going Mainstream on Twitch (lien direct) Vtubers have racked up millions of subscribers - and even established stars like Pokimane have given the motion-capture medium a try. Uber
WiredThreatLevel.webp 2020-09-11 16:00:00 It's Not Easy Being a BookTuber (lien direct) Daniel Greene, who makes a living through his YouTube channel, recently started a podcast. It's a respite from the video site's analytics. Uber
The_Hackers_News.webp 2020-09-09 01:23:41 Cybercriminals Are Using Legit Cloud Monitoring Tools As Backdoor (lien direct) A cybercrime group that has previously struck Docker and Kubernetes cloud environments has evolved to repurpose genuine cloud monitoring tools as a backdoor to carry out malicious attacks, according to new research. "To our knowledge, this is the first time attackers have been caught using legitimate third party software to target cloud infrastructure," Israeli cybersecurity firm Intezer said Uber
WiredThreatLevel.webp 2020-09-08 15:30:00 Uber Pledges to Go All-Electric, but It Doesn't Own the Cars (lien direct) The ride-hail company joined rival Lyft with a “Green” pledge. It's counting on incentives to encourage drivers to switch to battery power. Uber
DarkReading.webp 2020-09-02 10:00:00 Why Kubernetes Clusters Are Intrinsically Insecure (& What to Do About Them) (lien direct) By following best practices and prioritizing critical issues, you can reduce the chances of a security breach and constrain the blast radius of an attempted attack. Here's how. Uber
TechRepublic.webp 2020-09-01 17:43:50 What you need to know about Kubernetes (lien direct) Jack Wallen offers up some advice to those who are considering diving into deep waters of Kubernetes. Uber
no_ico.webp 2020-08-28 16:47:49 The Uber CSO indictment (lien direct) Mark Rasch, who created the Computer Crime Unit at the United States Department of Justice, has an essay, “Conceal and Fail to Report – The Uber CSO Indictment.” The case is causing great consternation in the InfoSec community partly because it is the first instance in which a CSO or CISO has been personally held… Uber
TechRepublic.webp 2020-08-25 15:56:42 How to limit CPU ranges in a Kubernetes pod (lien direct) If you have containers gobbling up too much of your Kubernetes cluster CPU, Jack Wallen shows you how to limit the upper and lower ranges. Uber
no_ico.webp 2020-08-24 15:21:46 Former Uber Security Chief Charged With Paying Hush Money To Cover Up 2016 Hack (lien direct) As reported by The Verge, Uber's former security chief has been charged with obstruction of justice for trying to hide a data breach from the Federal Trade Commission and Uber management, according to a statement from the Department of Justice. Joseph Sullivan, who was Uber's chief security officer from April 2015 to November 2017, allegedly concealed … Data Breach Hack Uber
no_ico.webp 2020-08-24 03:38:10 Expert Commentary: Uber Covers-up Ransom Payment For PII Of 57M Drivers (lien direct) Today, the Department of Justice issued a release disclosing the charges of Former Uber CISO Joseph Sullivan. The charges result from Sullivan's attempt to cover up paying out a ransom, requested by malicious hackers after obtaining access to and downloading Uber's database containing personally identifying information associated with approximately 57 million Uber users and drivers, in the … Uber
zataz.webp 2020-08-21 15:52:23 Former Uber security chief accused of concealing a hack (lien direct) The former head of security at Uber is accused of trying to conceal the 2016 hack and data leak from federal investigators. 57 million user records had ended up in the hands of hackers.... Uber
WiredThreatLevel.webp 2020-08-21 15:46:10 A Former Uber Exec's Indictment Is a Warning Shot (lien direct) Prosecutors allege that former Uber security chief Joseph Sullivan covered up a major breach, in the first high-profile case of its kind. Uber
BBC.webp 2020-08-21 10:04:22 Uber ex-security boss accused of covering up hack attack (lien direct) Joseph Sullivan has been charged with obstruction of justice in the US over a 2016 data breach. Hack Uber
WiredThreatLevel.webp 2020-08-20 21:25:00 Uber and Lyft Win a Reprieve, and Won't Quit California - for Now (lien direct) An appeals court delayed a requirement that the companies treat drivers as employees. Voters will ultimately decide through a November ballot measure. Uber
ZDNet.webp 2020-08-20 20:51:02 Former Uber CSO charged for 2016 hack cover-up (lien direct) DOJ officials say former Uber CSO Joe Sullivan lied to management about the security breach and paid hush money to the hackers. Hack Uber
DarkReading.webp 2020-08-20 16:30:00 Former Uber CSO Charged in Hack Cover-up (lien direct) The charges stem from a 2016 attack in which 57 million records were breached. Hack Uber
The_Hackers_News.webp 2020-08-20 14:39:35 Former Uber Security Chief Charged Over Covering Up 2016 Data Breach (lien direct) The federal prosecutors in the United States have charged Uber's former chief security officer, Joe Sullivan, for covering up a massive data breach that the ride-hailing company suffered in 2016. According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach" that also Data Breach Guideline Uber
WiredThreatLevel.webp 2020-08-20 12:00:00 What Happens If Uber and Lyft Flee California? Look at Austin (lien direct) The ride-hail services are threatening to stop service in the Golden State to protest a judge's ruling. They did something similar in Texas in 2016. Uber
WiredThreatLevel.webp 2020-08-07 00:53:29 Uber's Now a Food Delivery Company - and It's Still Losing Money (lien direct) The pandemic has slashed demand for rides and boosted orders for UberEats. Neither segment is profitable. Uber
SecurityAffairs.webp 2020-08-04 21:36:48 UberEats data leaked on the dark web (lien direct) Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on DarkWeb. Another day, another data breach made the headlines, this time the alleged victim is UberEATS. UberEats is an American online food ordering and delivery platform launched by Uber in 2014. During the process […] Data Breach Threat Uber
TechRepublic.webp 2020-07-31 23:17:39 How Diamanti wants to bridge Kubernetes into the cloud (lien direct) Commentary: Diamanti started off as a way to make on-premises Kubernetes deployments sing. Now it's aiming to extend that to the cloud. Uber
ZDNet.webp 2020-07-30 11:43:00 US prosecutors seek years in prison for Uber self-driving exec who stole Google trade secrets (lien direct) Anthony Levandowski pleaded guilty and has recently filed for bankruptcy. Guideline Uber
TechRepublic.webp 2020-07-29 17:25:24 How to deploy a multi-container pod to a Kubernetes cluster (lien direct) Jack Wallen shows you how to deploy a pod that contains two interactive containers to a Kubernetes cluster. Uber
WiredThreatLevel.webp 2020-07-26 11:00:00 California's Air Pollution Cops Are Eyeing Uber and Lyft (lien direct) A proposal would require 60 percent of ride-hail miles to be in electric vehicles by 2030. And the companies are on board. Uber
TechWorm.webp 2020-07-25 05:22:55 CarryMinati's YouTube Channel Hacked To Stream Bitcoin Scam (lien direct) Popular Indian roaster and streamer on YouTube, Ajey Nagar, aka CarryMinati is the latest victim of the ongoing BitCoin hack scandal. The hack happened on the second channel of CarryMinati, which goes by the name of CarryisLive, where he streams himself playing video games, often with other YouTubers and celebrities. Just a week ago in […] Hack Uber
TechRepublic.webp 2020-07-24 14:56:14 Linux Foundation offering Kubernetes certifications courses and exams as demand spikes (lien direct) Since October 2015, the share of Kubernetes jobs per million grew by 2,141%, while the share of Kubernetes job searches increased 2,125%. Uber
TechRepublic.webp 2020-07-23 16:51:23 How to use cron with Kubernetes to schedule tasks (lien direct) If you've ever needed to schedule a single or recurring task in your Kubernetes clusters, it's just a cronjob away. Jack Wallen shows you how. Uber
itsecurityguru.webp 2020-07-23 11:22:16 Twilio's SDK Compromised by Attackers (lien direct) Twilio is a cloud communications platform as a service (CPaaS) company that enables communications for over 40,000 companies including Twitter, Netflix, Uber, Airbnb and many more. It allows developers to add various communication tools such as voice, video, and messaging as well as authentication capabilities. However, BleepingComputer has reported that hackers had infiltrated Twilio’s TaskRouter […] Uber
no_ico.webp 2020-07-23 07:46:55 Twilio's SDK Compromised by Attackers – Expert Reaction (lien direct) Twilio, a cloud communications platform as a service (CPaaS) company, disclosed that attackers compromised its TaskRouter JS SDK after gaining access to one of its misconfigured Amazon AWS S3 buckets. This left the SDK’s path publicly readable and writable since 2015. Twilio's customers include Twitter, Netflix, Uber, Shopify, Morgan Stanley, Airbnb, and others. Uber
WiredThreatLevel.webp 2020-07-20 15:00:00 The Terrible Consequences of Australia's Uber-Bushfires (lien direct) Scientists calculate that the unprecedented wildfires burned 37,500 square miles. For already-endangered species, the conflagration may have spelled doom. Uber ★★★
ZDNet.webp 2020-07-20 07:14:47 Uber drivers demand to see algorithms, data that determines their working lives (lien direct) The court case claims increased data transparency is necessary to prevent discriminative practices. Uber
Checkpoint.webp 2020-07-16 13:45:26 Twitter Platform Compromise (lien direct) Introduction A large number of high-profile Twitter accounts have been taken over on Wednesday in what seems to be a social engineering attack against some of Twitter’s employees. This included the accounts of Barack Obama, Joe Biden, Elon Musk, as well as the official accounts of Uber, Apple, and cryptocurrency exchanges. The compromised accounts were… Uber
TechWorm.webp 2020-07-16 13:44:18 Twitter Accounts Of Obama, Musk, Gates, Bezos, Apple And Others 'Hacked' In Bitcoin Scam (lien direct) In a major high-profile Twitter hack, accounts of U.S. presidential candidate Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, Barack Obama, Uber, Apple, and more, were compromised on Wednesday, in an apparent effort to promote a Bitcoin scam. The tweet sent from hacked high-profile accounts urged their followers to send $1,000 in Bitcoin to a […] Uber
The_Hackers_News.webp 2020-07-15 22:11:20 Several High-Profile Accounts Hacked in the Biggest Twitter Hack of All Time (lien direct) Social media platform Twitter, earlier today on Wednesday, was on fire after it suffered one of the biggest cyberattacks in its history. A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple, were breached simultaneously in what's a far-reaching hacking campaign carried out to promote a Hack Uber
Last update at: 2024-05-10 12:08:00