Thank You KubeCon!
Product Deep Dives: AWS EKS, Terraform, and More!
The Great VPN Myth: PCI Compliance ≠ VPN
Security Breaches in November 2024
We had an incredible time in Salt Lake City
The entire Pomerium team (not pictured) was at KubeCon 2024 from Nov 12-15, and we loved every second of meeting the passionate community, showing off our demos, and handing out our unique swag.
If you missed us at KubeCon but would still like to speak with the team, sign up to talk with us!
Use AWS EKS with Pomerium
Gain fine-grained access to any application you’re hosting in AWS, regardless of how it manages authentication and authorization.
To understand AWS EKS's integration with Pomerium, read the full architectural notes below.
(3 minute tutorial)
Create new routes to connect to Postgres via TCP and HTTPS, and verify the route setup by connecting to Postgres.
(2 minute tutorial)
Export and import Git connections within the Pomerium desktop client.
Applications include:
Allowing developers to share connections across multiple devices
Exporting connections to Git
Importing connections for onboarding new users.
What PCI DSS 4.0 Actually Requires for Remote Access
Debunk the expensive misconception that a VPN is needed for PCI compliance by going through PCI DSS 4.0 line by line.
Sneak Peek:
PCI DSS 4.0 makes exactly zero mentions of VPNs. Here's what it requires for remote access (directly quoted in italics):
Access is assigned to users, including privileged users, based on:
Job classification and function.
Least privileges necessary to perform job responsibilities.
VPNs give network-level access - the opposite of least privilege. They're the equivalent of giving someone keys to your entire building when they only need to access one room.
Turkey, mashed potatoes, and gravy were not enough to deter attackers :(
Every month, we compile a list of breaches that were reported during the past month. Here's a preview of some November breaches involving big names and large groups of individuals.
Millions of Hot Topic Customers Impacted by Data Breach | SecurityWeek
Roughly 57 million unique email addresses allegedly stolen from fashion retailer Hot Topic have been posted online, data breach notification website Have I Been Pwned warns. Roughly 25 million credit cards, 25 million names, 25 million phone numbers, and tens of millions of birth dates, home addresses, and job titles were also compromised, Atlas said.
Blue Yonder Ransomware Attack Hits Starbucks, Supermarkets | Dark Reading
A disruptive ransomware attack on Blue Yonder, a supply chain management software provider for major retailers, consumer product companies, and manufacturers, highlights the heightened risk organizations face during the busy holiday season. A November attack on Blue Yonder affected infrastructure that the company uses to host a variety of managed services for customers, which include 46 of the top 100 manufacturers, 64 of the top 100 consumer product goods makers, and 76 of the top 100 retailers in the world.
Amazon Confirms Employee Data Was Exposed Through MOVEit Breach | Forbes
In a significant development that underscores the lasting impact of 2023's MOVEit vulnerability, Amazon has confirmed that employee data was compromised through a third-party property management vendor. The breach, revealed by a threat actor known as "Nam3L3ss," exposes the continuing ripple effects of one of last year's most devastating supply chain attacks.
OnePoint Patient Care notified the HHS’ Office for Civil Rights (OCR) about a hacking-related data breach that involved the protected health information of 795,916 individuals; however, on November 22, 2024, the Maine Attorney General was notified that the data breach affected more than twice the number of people – 1,741,152 individuals, including 99 Maine residents.
Summit Pathology: 1.8 Million Individuals Affected by Ransomware Attack | The HIPAA Journal
Summit Pathology Laboratories, Inc., a Colorado pathology service provider, has confirmed in a breach report to the HHS’ Office for Civil Rights (OCR) that 1,813,538 patients have been affected by an April 2024 cyberattack. A third-party cybersecurity firm was engaged to investigate the incident and determine the nature and scope of the security breach.
Want free swag? Drop us a line at media@pomerium.com and let us know how you’re using Pomerium. We love hearing about all the ways our users are securing their infrastructure and accelerating their deployments with Pomerium, and want to share those stories with the Pomerium community.
Have questions or need assistance?
Feel free to reach out on our Discuss forums!
Want to see what other people are saying about Pomerium?
Check out ExtraHop's review here, or read our Customer Stories!
Stay up to date with Pomerium news and announcements.