Security Leftovers
IoT malware up over 200 percent in 2018 [Ed: Measuring the wrong thing. Many of these are installed because of open ports and improper passwords.]
Security updates for Friday
Pivotal Cloud Foundry 2.4 Boosts Security With Compliance Scanner
Pivotal is releasing version 2.4 of its Pivotal Cloud Foundry (PCF) platform on Dec. 20, providing organizations with a host of new capabilities to manage and deploy cloud-native applications.
PCF is Pivotal's commercial distribution, based on the open-source Cloud Foundry project, which provides platform-as-a-service (PaaS) capabilities for applications. In the PCF 2.4 update, Pivotal is adding zero downtime updates for application deployments, enabling organizations to roll out upgrades without downtime. PCF 2.4 also introduces a new compliance scanner in beta that will enable organizations to validate that the configuration of PCF deployments meets best practices.
"We now have the ability to have zero downtime updates for the applications and the platform, and we're doing that everywhere, whether you're running vSphere or in OpenStack, GCP or AWS," Richard Seroter, vice president of product at Pivotal, told eWEEK. "We're highlighting the idea that you should be able to really go fast for all workloads on any infrastructure without sacrificing operability or security."
Security operations activities to watch in 2019
Open-source software and industry initiatives, such as the MITRE ATT&CK framework and Apache Kafka, will contribute to security operations in 2019.
Tokeny Releases Open Source T-REX Security Token Standard With Decentralized Validation System
Tokeny, a tokenization platform which focuses on compliance, has officially released the open source T-REX (Token for Regulated Exchanges) security token standard. It was designed to allow for the initial issuance and secondary market trading of security tokens in a compliant manner with a specific focus on trusted third-party KYC and AML services.
Recent open source flaw highlights danger of social engineering hacks
When a compromised NPM package with malicious code targeted a popular bitcoin wallet, hackers managed to corrupt one of the JavaScript modules, called event-stream, used as part of the Copay bitcoin wallet application. The hackers would have been able to drain bitcoin wallets, although there is no evidence it was activated before it was discovered.
