New Year's Surprise: Cybersecurity M&A, Funding Activity Snowballs in Q4 | Container Verification Bug Affects Kubernetes

Concerns about recessionary trends impacting the cybersecurity sector in 2022 remained largely unfounded in Q4, as investment activity surged after a Q3 slowdown. [TechWeb]( Follow Dark Reading: [RSS]( December 29, 2022 LATEST SECURITY NEWS & COMMENTARY [New Year's Surprise: Cybersecurity M&A, Funding Activity Snowballs in Q4]( Concerns about recessionary trends impacting the cybersecurity sector in 2022 remained largely unfounded in Q4, as investment activity surged after a Q3 slowdown. [Container Verification Bug Allows Malicious Images to Cloud Up Kubernetes]( A complete bypass of the Kyverno security mechanism for container image imports allows cyberattackers to completely take over a Kubernetes pod to steal data and inject malware. [Internet AppSec Remains Abysmal & Requires Sustained Action in 2023]( A variety of initiatives — such as memory-safe languages and software bills of materials — promise more secure applications, but sustained improvements will require that vendors do much better, researchers agree. [Inside the Next-Level Fraud Ring Scamming Billions Off Holiday Retailers]( "Largest attack of its kind": A potent Southeast Asian e-commerce fraud ring has declared war on US retailers, targeting billions in goods in just the past month and forcing mules into its scheme. [Google: With Cloud Comes APIs & Security Headaches]( APIs are key to cloud transformation, but two Google surveys find that cyberattacks targeting them are reaching a tipping point, even as general cloud security issues abound. [Security on a Shoestring? Cloud, Consolidation Best Bets for Businesses]( With a recession potentially coming, some companies are cutting security teams. But moving more infrastructure to the cloud and reducing the number of vendors through consolidation may be the best ways to prepare. [After the Uber Breach: 3 Questions All CISOs Should Ask Themselves]( How CISOs handle the ethical issues around data breaches can make or break their careers. Don't wait until a breach happens to plot the course forward. [The Threat of Predictive Policing to Data Privacy and Personal Liberty]( Inaccurate information from data brokers can damage careers and reputations. It's time for US privacy laws to change how law enforcement and legal agencies obtain and act on data. [Fool Me Thrice? How to Avoid Double and Triple Ransomware Extortion]( To stay safer, restrict access to data, monitor for breaches in the supply chain, track relevant data that is sold on the Dark Web, and implement best safety practices. [Why Cyber Pros and Forensic Accountants Should Work Together to Mitigate Security Risk]( It's time companies build a multilayered approach to cybersecurity. [Threat Modeling in the Age of OpenAI's Chatbot]( New technical chatbot capabilities raise the promise that their help in threat modeling could free humans for more interesting work. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Name That Toon: Kiss and Tell]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. ['Sextortion,' Business Disruption, and a Massive Attack: What Could Be in Store for 2023]( Our growing interconnectedness poses almost as many challenges as it does benefits. [MORE]( EDITORS' CHOICE [Will the Crypto Crash Impact Cybersecurity in 2023? Maybe.]( Will the bottom falling out of the cryptocurrency market have a profound impact on cybercriminal tactics and business models? Experts weigh in on what to expect. LATEST FROM THE EDGE [Why Attackers Target GitHub, and How You Can Secure It]( The unfettered collaboration of the GitHub model creates a security headache. Follow these seven principles to help relieve the pain. LATEST FROM DR TECHNOLOGY [Security Is a Second-Class Citizen in High-Performance Computing]( Vendors and operators attempt to balance power and security, but right now, power is the highest goal. WEBINARS - [A Roadmap to Zero Trust: Steps for Meaningful Progress Amongst the Hype]( Join this webinar as our Zero Trust experts discuss "quick wins" like: --Enforcing strong multifactor authentication and Zero Trust policies for critical applications. --Closing inbound ports open to the Internet. --Areas not always included in the Zero Trust conversation, like ... - [Network Segmentation and Microsegmentation: Keys to the Next Generation of Enterprise Defense]( Stolen credentials allow attackers to move laterally within the IT environment to steal information and cause damage - all the while looking like a legitimate user. Or a ransomware attack tries to encrypt as many systems as possible to hold ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [How Hybrid Work Fuels Ransomware Attacks]( [View More White Papers >>]( FEATURED REPORTS - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Passwordless Authentication Market to Be Worth $55.7 Billion by 2030: Grand View Research, Inc.]( [Kaspersky Research Finds Reverse Engineering Is the Most On-Demand Skill Among InfoSec Specialists]( [Bfore.Ai Releases 'The King, The Knight & The Snowball' - Cybersecurity Book for Children]( [Heartland Alliance Provides Notice of Data Security Incident]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)