Captain's Log, Stardate 2021.04.16

April 16, 2021 | IN Blog, Cyber Asset Visibility and Management | Mark Miller BY Mark Miller

Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack

J1_Ambassador Hunter @2x

Sabotage at Iranian Nuclear Plant Was Likely Meant to Permanently Damage Centrifuges | Zero Day
Kim Zetter, investigative journalist and author of Countdown to Zero Day, has started her own site, Zero Day. It is worth following if you're interested in, in depth coverage of cyber events through long form journalism. Highly recommended.

Security Bug Allows Attackers to Brick Kubernetes Clusters | Threat Post
A vulnerability in one of the Go libraries that Kubernetes is based on could lead to denial of service (DoS) for the CRI-O and Podman container engines. Tara Seals covers the story in Threat Post, along with commentary on the announcement from Palo Alto Networks.

Pandemic Pushes Bot Operators to Redirect Efforts | DARKReading
Robert Lemos has an interesting observation when it comes to bot activity during the pandemic. The focus of bot creators has moved from travel, lodging and concerts to ecommerce, healthcare and government sites. As an example, he points out that "bots account for 35% of the traffic to healthcare sites". 

3 Key Cybersecurity Trends To Know For 2021 | Forbes
Expanded cyber attack surface, ransomware as a cyber weapon of choice, threats against critical infrastructure... Chuck Brooks outlines major concerns for the coming year (and beyond). As he states in the article, "The most important tasks based on analyzing trends is to be have a mitigation strategy, be vigilant, try to fill gaps, and learn from lessons of the recent cyber-breaches."

Two Truths And A Lie About Cloud Security | JupiterOne
Cloud technology saved many businesses from catastrophe during this past year, but it’s also introduced additional challenges to security, compliance, and governance practices. Ashleigh Lee covers the cloud security skills gap, technology sprawl, and myth behind "compromise is mandatory".