| AWS |
AWS News Blog |
Announcing AWS Graviton2 Support for AWS Fargate – Get up to 40% Better Price-Performance for Your Serverless Containers |
https://aws.amazon.com/blogs/aws/announcing-aws-graviton2-support-for-aws-fargate-get-up-to-40-better-price-performance-for-your-serverless-containers/
|
Announcing AWS Graviton Support for AWS Fargate Get up to Better Price Performance for Your Serverless ContainersAWS Graviton processors are custom built by AWS using bit Arm Neoverse cores to deliver the best price performance for your cloud workloads running in Amazon Elastic Compute Cloud Amazon EC They provide up to percent better price performance over comparable x based instances for a wide variety of workloads Many of our customers such as Intuit SmugMug … |
2021-11-23 18:49:46 |
| AWS |
AWS Big Data Blog |
Security considerations for Amazon Redshift cross-account data sharing |
https://aws.amazon.com/blogs/big-data/security-considerations-for-amazon-redshift-cross-account-data-sharing/
|
Security considerations for Amazon Redshift cross account data sharingData driven organizations recognize the intrinsic value of data and realize that monetizing data is not just about selling data to subscribers They understand the indirect economic impact of data and the value that good data brings to the organization They must democratize data and make it available for business decision makers to realize its … |
2021-11-23 18:03:25 |
| AWS |
AWS Security Blog |
AWS Security Profiles: Merritt Baer, Principal in OCISO |
https://aws.amazon.com/blogs/security/aws-security-profiles-merritt-baer-principal-in-ociso/
|
AWS Security Profiles Merritt Baer Principal in OCISOIn the week leading up AWS re Invent we ll share conversations we ve had with people at AWS who will be presenting and get a sneak peek at their work How long have you been at Amazon Web Services AWS and what do you do in your current role I m a Principal in the Office of … |
2021-11-23 18:18:06 |
| AWS |
AWS |
AWS Industry Insider - Agriculture - Dr. Karen Hildebrand |
https://www.youtube.com/watch?v=V0i2t9l7VrA
|
AWS Industry Insider Agriculture Dr Karen HildebrandAWS Industry Technical Leadership represents our Amazon Leadership Principles Earn Trust and Customer Obsession They listen attentively speak candidly and treat others respectfully They work vigorously to earn and keep customer trust by aiming to deeply understand our customers and their problems which translates to unique meaningful and industry changing technical solutions Join a team of peers like Technical Leader Dr Karen Hildebrand Agriculture and help us contribute to our customers success awscareersSubscribe More AWS videos More AWS events videos ABOUT AWSAmazon Web Services AWS is the world s most comprehensive and broadly adopted cloud platform offering over fully featured services from data centers globally Millions of customers ーincluding the fastest growing startups largest enterprises and leading government agencies ーare using AWS to lower costs become more agile and innovate faster AWS AmazonWebServices CloudComputing |
2021-11-23 18:40:11 |
| AWS |
AWS Security Blog |
AWS Security Profiles: Merritt Baer, Principal in OCISO |
https://aws.amazon.com/blogs/security/aws-security-profiles-merritt-baer-principal-in-ociso/
|
AWS Security Profiles Merritt Baer Principal in OCISOIn the week leading up AWS re Invent we ll share conversations we ve had with people at AWS who will be presenting and get a sneak peek at their work How long have you been at Amazon Web Services AWS and what do you do in your current role I m a Principal in the Office of … |
2021-11-23 18:18:06 |
| python |
Pythonタグが付けられた新着投稿 - Qiita |
Pythonの自動インストール手順(Windows) |
https://qiita.com/hrys1152/items/dcfcdef941fe8c8108ba
|
Pythonの自動インストール手順Windows概要Windows環境へのPythonインストールを行う場合は主に下記のつから選ぶ場合が多いと思う。 |
2021-11-24 03:15:45 |
| Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
ADO.net Accdbファイルのデータテーブルの主キーフィールドが確認出来ません。 |
https://teratail.com/questions/370719?rss=all
|
ADOnetAccdbファイルのデータテーブルの主キーフィールドが確認出来ません。 |
2021-11-24 03:41:13 |
| Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
linuxのインストールについて |
https://teratail.com/questions/370718?rss=all
|
linux |
2021-11-24 03:13:59 |
| Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
YouTube でのユーザ情報取得方法 |
https://teratail.com/questions/370717?rss=all
|
YouTubeでのユーザ情報取得方法YouTubeの動画からコメントしている試聴しているユーザ情報の男女比率年齢を知りたいのですが、特にそれにあったAPIがあるわけではない、取れるスクレイピング場所もありません。 |
2021-11-24 03:07:38 |
| 海外TECH |
Ars Technica |
Wear OS shoots up the market-share charts, now in striking distance of Apple |
https://arstechnica.com/?p=1815222
|
samsung |
2021-11-23 18:04:45 |
| 海外TECH |
MakeUseOf |
The 7 Best Productivity Apps to Support Your Remote Team |
https://www.makeuseof.com/productivity-apps-support-remote-team/
|
productivity |
2021-11-23 18:31:24 |
| 海外TECH |
MakeUseOf |
How to Fix a Beeping Bluetooth Headset on Windows |
https://www.makeuseof.com/bluetooth-headphone-beep-sound-windows/
|
windows |
2021-11-23 18:16:12 |
| 海外TECH |
DEV Community |
What is OpenAPI ? - OpenAPI [1] |
https://dev.to/adaendra/what-is-openapi-openapi-1-404e
|
What is OpenAPI OpenAPI OpenAPI known as Swagger before is a standard to declare Restful API But why should I use it In the current context when we are working with APIs no matters of the language used we want to have a clean documentation and be able to share a complete documentation of the API to our consumers With OpenAPI you will be able to describe all the exposed routesall the operations for each routethe headersthe bodyall the responses which can be returnedand add a lot of details like the kind of each values some example some regex which must match enumeration of value allowed And with the swagger editor or some plugins Swagger UI you add show it properly to allow non technical people to read it easily Ok it s great for consumers but as a dev is there other pros Yes Code GeneratorWith an OpenAPI contract you can generate some code for you For your consumer it will be all the objects in your bodies or responses For you it will be the same objects and some code generator can create for you all the controllers You can use the Swagger CodeGen or search in the OpenSource OpenAPI generators With this a lot of time is saved especially if you have a lot of objects and or if you update them regularly TestingOtherwise it will be useful for testing OpenAPI is a standard supported by tools like Postman which will generate for you a collection to be able to call every operations listed in Also it will fill every headers and field in the body with the default values To conclude OpenAPI is a must have for a Restful API project We will see later how to use it I hope it will help you LinksOpenAPI OpenAPI Specification Swagger Editor Swagger UI Swagger CodeGen |
2021-11-23 18:16:58 |
| 海外TECH |
DEV Community |
🤯 Did you know there are F13-F24 keys? 🤯 |
https://dev.to/inhuofficial/did-you-know-there-are-f13-f24-keys-368p
|
Did you know there are F F keys I have been using a computer for years and although I will have stumbled across this at some point it never stuck sank in before There are function keys assigned for keyboards F F That blew my mind What made you re discover this Recently I got a Stream Deck XL and while setting it up I had keyboard combinations clashing across applications and it was driving me round the bend While I was looking through the menu for assigning key combinations I spotted that the Function keys section had F F keys minutes of Googling later and I was gobsmacked that I didn t know this before Keyboards can have up to function keys Anyway now that I knew about these dead keys that nobody uses anymore I had a way of stopping clashes How many extra keys combinations does that give that won t clash When combined with Shift Ctrl and Alt and Windows it gave me keys combinations guaranteed not to clash with anything else on your keyboard or interfere with of software and potentially another keys combinations if I want to use combinations of Shift Ctrl Alt and Windows combined Now I can program keys into my stream deck for global functions and macros that will not clash with anything I currently have set up or shortcuts already set within applications Anyway I just thought it was interesting and I would share it Why Do You Have A Stream Deck You Aren t A Streamer As to why I got a stream deck when I don t stream article coming out next month on that but I can tell you the conclusion now every developer should save up and buy one Anyway a random post for tonight did you know that there were function keys and does anybody own a keyboard that has the F F keys on |
2021-11-23 18:16:10 |
| 海外TECH |
DEV Community |
Black Friday - Sweet deals for developers |
https://dev.to/sm0ke/black-friday-sweet-deals-for-developers-9j3
|
Black Friday Sweet deals for developersHello Coders This article presents a short list with nice deals that might help designers and developers to start commercial projects at a lower budget without compromising the quality Criteria used to build this list Discounts are real and consistent at least Vendors provide FREE versions for ALL discounted productsThe commercial licenses are permissive no footer links The products have a quality above the market average Disclosure This post contains affiliate links If you use these links to buy something no additional cost to you I may earn a commission product or service OFF Creative Tim promo bundles for Bootstrap React and Vue OFF Themesberg UI Kits and FIGMA projects OFF Simmmple single bundle with premium products OFF WrapPixel single bundle with products OFF BootstrapDash Bootstrap Vue and React templates Off AppSeed Only per product Off CodedThemes ALL products Creative Tim OFFThis company provides discounted bundles per technology React Bundle UI Kits Designer Files mo Support Vue Bundle UI Kits Designer Files mo Support Bootstrap Bundle UI Kits Designer Files mo SupportSome FREE products to play with before purchasing anything Soft UI React free Material UI DashboardBlack Dashboard React free React Dashboard k DownloadsVue Material Dashboard free Vue Dashboard k Downloads Themesberg OFF Premium Themes Powered by Bootstrap CSS can be purchased until Nov for Bundle Link BF Themesberg ONLY Popular Free Products Pixel Lite Free Bootstrap UI KITVolt Bootstrap Dashboard TemplateImpact Design System SimmmpleA nice and exclusive digital bundle which contains all of our premium products amp tools that will help you design faster amp easier Bundle Link Simmmple Bundle CodedThemesDiscount available via coupon BF applies on all products React Angular Bootstrap Bundle Link Bootstrap Mega Bundle BootstrapDash OFFBundle of Premium Templates with dashboard layouts UI kits coded in Bootstrap React and Vue Bundle Link BootstrapDash Mega Bundle Popular FREE products Star Admin Free Free Admin dashboardAzia Admin Free Bootstrap Admin templatePurple Vue Admin Free VueJS product WrapPixel OFFThe BF bundle contains Bootstrap Templates Angular Templates React Templates and Vue Templates BF Bundle Link WrapPixel BF OfferFREE products from WrapPixel Severny Bootstrap Dashboard LiteAmple React Dashboard LiteAdminPro VueJs Lite AppSeed OFFPremium seed project crafted by experts in React Django and Flask on top of premium UI Kits ONLY product discounted from Bundle Link AppSeed Black Friday Popular FREE Starters Datta Able Django a nice Django dashboardFlask Volt Open Source flask dashboardFlask Dashboard Argon Simple Flask DashboardThank You Please suggest more sweet deals in the comments |
2021-11-23 18:13:12 |
| Apple |
AppleInsider - Frontpage News |
Driver's license support in Wallet app delayed until 'early 2022' |
https://appleinsider.com/articles/21/11/23/drivers-license-support-in-wallet-app-delayed-until-early-2022?utm_medium=rss
|
Driver x s license support in Wallet app delayed until x early x Apple has delayed the rollout of a new feature that would let users add their driver s licenses or IDs to the Wallet app on iPhones until early Credit AppleThe feature first unveiled at WWDC was initially slated to debut in a handful of states in late The first batch of states included Arizona Georgia Connecticut Iowa Kentucky Maryland Oklahoma and Utah Read more |
2021-11-23 18:47:27 |
| Apple |
AppleInsider - Frontpage News |
Black Friday MacBook Pro deals: Grab exclusive savings on 175 configs (including 2021 models) |
https://appleinsider.com/articles/21/11/23/black-friday-macbook-pro-deals-grab-exclusive-savings-on-175-configs-including-2021-models?utm_medium=rss
|
Black Friday MacBook Pro deals Grab exclusive savings on configs including models Apple s MacBook Pro line is marked down exclusively for AppleInsider readers this week with Black Friday discounts knocking up to off inch inch and inch models in addition to deals on AppleCare and an extra off with Edge Black Friday deals on Apple s MacBook ProUnlocking the Black Friday MacBook Pro deals at Apple Authorized Reseller Adorama can be done in two easy steps Read more |
2021-11-23 18:33:31 |
| Apple |
AppleInsider - Frontpage News |
Apple sues NSO Group over Pegasus iPhone spyware |
https://appleinsider.com/articles/21/11/23/apple-sues-nso-group-over-pegasus-iphone-spyware?utm_medium=rss
|
Apple sues NSO Group over Pegasus iPhone spywareApple has filed a lawsuit against NSO Group a firm known for selling the Pegasus spyware tool used by governments to hack iPhones used by criminals journalists and activists Pegasus is NSO Group s best known spyware tool one that was supposedly meant for use against criminal activity but has been misused against other innocent parties In a bid to try and stop NSO Group from continuing to provide Pegasus to its clients Apple filed a lawsuit on Tuesday against both the group and its parent company Apple wants to hold NSO Group accountable for its surveillance of some Apple users The filing is also seeking an injunction to prevent NSO from using any Apple software services or devices of any sort Read more |
2021-11-23 18:47:18 |
| 海外TECH |
Engadget |
Epic Games buys Harmonix to create 'musical journeys' in 'Fortnite' |
https://www.engadget.com/epic-games-buys-harmonix-184001622.html?src=rss
|
Epic Games buys Harmonix to create x musical journeys x in x Fortnite x Epic Games has acquired Harmonix the studio behind titles like Guitar Hero Rock Band Dance Central and more recently Fuser Financial terms have not been disclosed Epic s vision for Harmonix involves the metaverse In the immediate future the two plan to create “musical journeys and gameplay for Fortnite Turn your speakers UP Harmonix the makers of interactive music experiences including RockBand are joining the Epic Games family Together we will explore new ways for people to enjoy music across the digital world ーEpic Games Newsroom EpicNewsroom November Viewed through that lens Epic s interest in the studio makes a lot of sense Outside of frequent brand collaborations Fortnite is at this point best known for its virtual concerts In the last two years a handful of major artists like Ariana Grande and Travis Scott have drawn a lot of interest to the game In the latter case for example more than people watched Scott s performance concurrently In the meantime Harmonix says it will continue to support its existing slate of games That means Rock Band players can continue to look forward to new DLC and Fuser players can expect the studio to continue hosting events Additionally any game that s currently available through Steam will continue to be sold through Valve s storefront |
2021-11-23 18:40:01 |
| 海外TECH |
Engadget |
The Smithsonian Air and Space Museum will close for at least six months in 2022 |
https://www.engadget.com/smithsonian-air-and-space-museum-closed-renovations-182003676.html?src=rss
|
The Smithsonian Air and Space Museum will close for at least six months in The Smithsonian Air and Space Museum hasn t been open much since the pandemic started but it s already poised to shut its doors again ーif for more positive reasons The Washington Postreports the Smithsonian is closing its flagship National Mall building for at least six months of renovations starting March th The move will maintain the quot continued safety quot of visitors while the museum finishes work on its first new west wing galleries The closure is part of the first phase of a seven year renovation poised to cost over billion The Smithsonian is staggering closures to keep at least some physical museum spaces open during that period including the Steven F Udvar Hazy Center in Virginia which will remain open Some parts of the collection have relocated to other relevant museums in the meantime such as the Museum of African American History and Culture the Museum of Natural History and the Museum of the American Indian The wait could be worthwhile Eight west wing exhibits should launch when the main museum reopens including quot One World Connected quot shown above and spaces touching on the Wright brothers planetary exploration and the Moon Some parts of the renovation are still far from completion The museum will start quot deinstallation quot of the east wing in March and won t complete its upgrade until sometime in If you can live with those limitations though the Air and Space Museum may soon be more relevant and engaging than in the past ーeven if you ve visited relatively recently |
2021-11-23 18:20:03 |
| 海外TECH |
Engadget |
Apple sues NSO Group over state-backed spyware |
https://www.engadget.com/apple-nso-group-spyware-lawsuit-181306004.html?src=rss
|
Apple sues NSO Group over state backed spywareApple is more than a little angry at NSO Group for developing spyware tools The iPhone maker has filed a lawsuit against NSO to quot hold it accountable quot for governments spying on and targeting Apple device users In addition to punishing NSO Apple also seeks to ban the surveillance software developer from using Apple products for future research Senior VP Craig Federighi acknowledged that NSO Group s Pegasus spyware is only aimed at surveilling a small number of people on multiple platforms including Android However Apple stressed that targets are frequently activists journalists and other critics of regimes that routinely suppress political dissent The company further accused NSO of quot flagrant violations quot of federal and state level laws in the US The lawsuit also sheds more light on NSO s reported quot FORCEDENTRY quot exploit According to Apple intruders pushed FORCEDENTRY by creating bogus Apple IDs to send malicious code without alerting targets Apple said its servers weren t compromised in the process but it clearly wasn t happy that its account system was used for this surveillance Alongside the lawsuit Apple is promising to donate million plus any lawsuit damages toward groups advocating against or researching this kind of digital surveillance It s further promising free engineering intelligence and technical help for FORCEDENTRY discoverer Citizen Lab and other organizations with similar goals We ve asked NSO Group for comment In the past it has repeatedly maintained that it shuts off access to known abusers It also denied that Pegasus was used to target murdered Saudi journalist Jamal Khashoggi The Israeli firm has even gone on the offensive hiring a libel attorney that accused investigators of misinterpreting data and otherwise smearing NSO s reputation NSO might not have many allies WhatsApp for instance accused NSO of enabling attacks on government officials and rejected the Pegasus creator s denials The tech industry sees NSO as a threat to the privacy of its users and thus its reputation and it won t be surprising if other companies support Apple s case |
2021-11-23 18:13:06 |
| Cisco |
Cisco Blog |
How small retailers can improve customer and associate experiences this holiday season |
https://blogs.cisco.com/retail/how-small-retailers-can-improve-customer-and-associate-experiences-this-holiday-season
|
How small retailers can improve customer and associate experiences this holiday seasonSmallBusinessSaturday is just around the corner and we take a closer look at the technology small retailers need to accelerate digital transformation and improve customer experiences |
2021-11-23 18:16:00 |
| 海外科学 |
NYT > Science |
This Ink Is Alive and Made Entirely of Microbes |
https://www.nytimes.com/2021/11/23/science/microbes-construction-bacteria.html
|
bacterial |
2021-11-23 18:14:58 |
| ニュース |
BBC News - Home |
Work-from-home advice strengthened in Northern Ireland |
https://www.bbc.co.uk/news/uk-northern-ireland-59382390?at_medium=RSS&at_campaign=KARANGA
|
covid |
2021-11-23 18:17:06 |
| ニュース |
BBC News - Home |
Brook House detention centre whistleblower 'abuse' inquiry begins |
https://www.bbc.co.uk/news/uk-england-sussex-59388291?at_medium=RSS&at_campaign=KARANGA
|
panorama |
2021-11-23 18:31:18 |
| ニュース |
BBC News - Home |
Meredith Kercher: Student's killer Rudy Guede ends sentence |
https://www.bbc.co.uk/news/world-europe-59388718?at_medium=RSS&at_campaign=KARANGA
|
italy |
2021-11-23 18:42:13 |
| ニュース |
BBC News - Home |
Grammy Awards: Olivia Rodrigo dominates nominations for 2022 |
https://www.bbc.co.uk/news/entertainment-arts-59388351?at_medium=RSS&at_campaign=KARANGA
|
night |
2021-11-23 18:44:10 |
| ニュース |
BBC News - Home |
Pochettino not distracted by Man Utd connection |
https://www.bbc.co.uk/sport/football/59394315?at_medium=RSS&at_campaign=KARANGA
|
Pochettino not distracted by Man Utd connectionMauricio Pochettino says he is so happy at Paris St Germain and will not be distracted by the suggestion that he is open to taking over at Manchester United |
2021-11-23 18:19:46 |
| ニュース |
BBC News - Home |
Bright to captain England in Women's World Cup qualifiers |
https://www.bbc.co.uk/sport/football/59388166?at_medium=RSS&at_campaign=KARANGA
|
latvia |
2021-11-23 18:31:14 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
コロナ禍転じて小売りの「グレート・リセット」 - WSJ PickUp |
https://diamond.jp/articles/-/288405
|
wsjpickup |
2021-11-24 03:50:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
大映社長にプロ野球オーナー、永田雅一の映画、野球、競馬放談(後編) - The Legend Interview不朽 |
https://diamond.jp/articles/-/288001
|
thelegendinterview |
2021-11-24 03:45:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
サプライチェーン混乱、緩和の兆し - WSJ PickUp |
https://diamond.jp/articles/-/288406
|
wsjpickup |
2021-11-24 03:40:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
ビジョン・ファンドCFO「投資の多くは失敗する」 - WSJ PickUp |
https://diamond.jp/articles/-/288407
|
wsjpickup |
2021-11-24 03:35:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
留職、価値観ババ抜き……有志活動と人事のコラボが切り拓く新しい可能性とは - 大企業ハック大全 |
https://diamond.jp/articles/-/288074
|
東京海上 |
2021-11-24 03:27:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
老眼を目薬で改善!米食品医薬品局が世界初承認 - カラダご医見番 |
https://diamond.jp/articles/-/287945
|
高齢者 |
2021-11-24 03:25:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
生徒の積極性を喚起した「カリタス女子」の“教科センター型”校舎 - 中学受験のキーパーソン |
https://diamond.jp/articles/-/288099
|
中学受験 |
2021-11-24 03:20:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
ひろゆきが「若者よ、老害の言う『前例』を無視せよ」と語る深いワケ - 1%の努力 |
https://diamond.jp/articles/-/287598
|
youtube |
2021-11-24 03:15:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
成功している人がやっている、口グセの習慣とは? - 生きづらいがラクになる ゆるメンタル練習帳 |
https://diamond.jp/articles/-/288427
|
|
2021-11-24 03:05:00 |
| GCP |
Cloud Blog |
Illicit coin mining, ransomware, APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons report |
https://cloud.google.com/blog/products/identity-security/coin-mining-ransomware-apts-target-cloud-gcat-report/
|
Illicit coin mining ransomware APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons reportAt Google we have an immense aperture into the global cybersecurity threat landscape and the means to mitigate risks that stem from those threats With our recently launched Google Cybersecurity Action Team we are bringing more of our security abilities and advisory services to our customers to increase their defenses A big part of this is to bridge our collective threat intelligence to yield specific insights such as when malicious hackers exploit improperly secured cloud instances to download cryptocurrency mining software to the systemーsometimes within seconds of being compromised This is one of several observations that we have published in the first issue of the Threat Horizons report read the executive summary or the full report The report highlights recent observations from the Google Threat Analysis Group TAG Google Cloud Security and Trust Center Google Cloud Threat Intelligence for Chronicle Trust and Safety and other internal teams who collectively work to protect our customers and users The report s goal is to provide actionable intelligence that enables organizations to ensure their cloud environments are best protected against ever evolving threats In this and future threat intelligence reports the Google Cybersecurity Action Team will provide threat horizon scanning trend tracking and Early Warning announcements about emerging threats requiring immediate action While cloud customers continue to face a variety of threats across applications and infrastructure many successful attacks are due to poor hygiene and a lack of basic control implementation Most recently our internal security teams have responded to cryptocurrency mining abuse phishing campaigns and ransomware Given these specific observations and general threats organizations that put emphasis on secure implementation monitoring and ongoing assurance will be more successful in mitigating these threats or at the very least reduce their overall impact The cloud threat landscape in was more complex than just rogue cryptocurrency miners of course Google researchers from TAG exposed a credential phishing attack by Russian government supported APT Fancy Bear at the end of September that Google successfully blocked a North Korean government backed threat group which posed as Samsung recruiters to send malicious attachments to employees at several South Korean anti malware cybersecurity companies and detected customer installations infected with Black Matter ransomware the successor to the DarkSide ransomware family Across these four instances of malicious activity we see the impact of poorly secured customer installations To stop them we embrace a shared fate model with our customers and provide trends and lessons learned from recent cybersecurity incidents and close calls We suggest several concrete actions for customers that will help them manage the risks they face Vulnerable GCP instances spear phishing attacks patching software and using public code repositories all come with risks Following these recommendations can reduce the chance of unexpected financial losses and outcomes that may harm your business Audit published projects to ensure certs and credentials are not accidentally exposed Certs and credentials are mistakenly included in projects published on GitHub and other repositories on a regular basis Audits help avoid this mistake Authenticate downloaded code with hashing The common practice for clients to download updates and code from cloud resources raises the concern that unauthorized code may be downloaded in the process Meddler in the Middle MITM attacks may cause unauthorized source code to be pulled into production Hashing and verifying all downloads preserves the integrity of the software supply chain and establishes an effective chain of custody Use multiple layers of defense to combat theft of credentials and authentication cookies Cloud hosted resources have the benefit of high availability and anywhere anytime access While this streamlines workforce operations malicious actors try to take advantage of the ubiquitous nature of the cloud to compromise cloud resources Despite the growing public attention to cybersecurity spear phishing and social engineering tactics are frequently successful so defensive measures need to be robust and layered to protect cloud resources due to ubiquitous access In addition to two factor authentication Cloud administrators should strengthen their environment through Context Aware Access and solutions such as BeyondCorp Enterprise and Work Safer The executive summary of the Threat Horizons report is available here and the full report goes into greater detail of the current cloud threat landscape and the steps we recommend to reduce those risks and can be downloaded here |
2021-11-23 18:30:00 |
コメント
コメントを投稿