Majority of Kubernetes API Servers Exposed to the Public Internet

Shadowserver Foundation researchers find 380,000 open Kubernetes API servers. [TechWeb]( Follow Dark Reading: [RSS]( May 20, 2022 LATEST SECURITY NEWS & COMMENTARY [Majority of Kubernetes API Servers Exposed to the Public Internet]( Shadowserver Foundation researchers find 380,000 open Kubernetes API servers. [Pro-Russian Information Operations Escalate in Ukraine War]( In the three months since the war started, Russian operatives and those allied with the nation's interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says. [Phishing Attacks for Initial Access Surged 54% in Q1]( For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows. [6 Scary Tactics Used in Mobile App Attacks]( Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene. [Deadbolt Ransomware Targeting QNAP NAS Devices]( QNAP is urging customers of its NAS products to update QTS and avoid exposing the devices to the Internet. [DoJ Won't Charge 'Good Faith' Security Researchers]( Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [How to Turn a Coke Can Into an Eavesdropping Device]( Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby. [Critical VMware Bug Exploits Continue, as Botnet Operators Jump In]( A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell. [How Threat Actors Are a Click Away From Becoming Quasi-APTs]( As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare. [MORE]( EDITORS' CHOICE [MITRE Creates Framework for Supply Chain Security]( System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers. LATEST FROM THE EDGE [You Can't Opt Out of Citizen Development]( To see why low-code/no-code is inevitable, we need to first understand how it finds its way into the enterprise. LATEST FROM DR TECHNOLGY [New Open Source Project Brings Consistent Identity Access to Multicloud]( Hexa and IDQL allows organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment. Tech Resources - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( - [5 Critical Cyber Range Exercises from the Experts]( - [The Case for Cyber Risk Management Platforms]( - [What is a data vault? Why do you need it?]( - [Protecting Medical Device IP From Cybersecurity Threats]( - [Best Practices for Application Security in the Cloud]( - [AppSec Shift Left Progress Report]( [ACCESS TECH LIBRARY NOW]( - [Implementing and Using XDR to Improve Enterprise Cybersecurity]( Security operations teams are taking a hard look at extended detection and response tools - XDR - as a means of collecting and analyzing threat data and identifying cyber attacks faster and more efficiently. But exactly how does XDR technology ... - [Implementing Zero Trust in Your Enterprise]( Attackers have shown time and again that perimeter security is no longer enough to keep them out. The concept of internal users and outsiders doesn't work in network defense when attackers use credential theft and lateral movement to pretend they ... [MORE WEBINARS]( FEATURED REPORTS - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... - [Rethinking Endpoint Security in a Pandemic and Beyond]( IT security teams are expending the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers. How will they manage identities across multiple ... [MORE REPORTS]( CURRENT ISSUE [Incorporating a Prevention Mindset into Threat Detection and Response]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [More Than 1,000 Cybersecurity Career Pursuers Complete the (ISC)² Entry-Level Cybersecurity Certification Pilot Exam]( [Dig Exits Stealth With $11M for Cloud Data Detection and Response Solution]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)