Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Western Digital patches remote command execution and authentication bypass vulnerabilities in My Cloud storage products [Read More]
Docker recently resolved a runc privilege escalation vulnerability that could be exploited by a malicious program to escape container and access the host. [Read More]
Google has launched a beta version of a new Cloud Key Management System (KMS) to supplement the existing Google-managed server-side encryption and customer-controlled on-premise key management. [Read More]
A second variant of the Shamoon 2 malware targets virtualization products, likely in an effort to make recovery more difficult and increase the impact of the attack [Read More]
An open source tool called “Truffle Hog” helps developers check if they’ve accidentally leaked any secret keys on GitHub [Read More]
Bitglass, a Silicon Valley-based provider of mobile and cloud data protection solutions, today announced that it has secured $45 million in a Series C funding round. [Read More]
Cisco patches actively exploited privilege escalation vulnerability in CloudCenter Orchestrator [Read More]
VMware patches important XSS in ESXi and critical authentication flaw in vSphere Data Protection (VDP) [Read More]
Symantec on Monday filed a patent infringement lawsuit against cloud-based security firm Zscaler, Inc., accusing Zscaler of violating seven of Symantec’s patents within Zscaler products. [Read More]
Vulnerabilities in Microsoft’s Azure cloud platform could have been exploited to gain access to RHEL virtual machines and storage accounts [Read More]

FEATURES, INSIGHTS // Cloud Security

rss icon

Scott Simkin's picture
Attackers have developed anti-VM analysis techniques to allow the malware to recognize when it is being run on a virtual machine and fail to execute, meaning the system or threat analytics cannot make a verdict determination or extract intelligence from the sample.
Marie Hattar's picture
To fully realize the benefit of the Public Cloud, it is vital that the same due diligence applied to a physical network is applied to a cloud-based infrastructure.
Ken McAlpine's picture
Dozens of isolated security tools and platforms, regardless of how relevant they are to new cloud-based networks, create their own problem.
Marie Hattar's picture
Given the security events over the past year, ,2017 will be the year in which many finally accept that network infrastructure and security will have to be rethought from the ground up.
David Holmes's picture
What are the possible threat vectors if you were doing a threat model assessment for any of cloud passwords management models?
Jim Ivers's picture
Organizations should fear security concerns when considering moving applications to the cloud. But they need to recognize that moving web applications to the cloud does not make them secure.
Jennifer Blatnik's picture
While using containers to secure your organization is a relatively novel approach, it can lead to cost savings and massive scalability.
David Holmes's picture
How do you secure application components when they’re shifting from cloud to cloud? Any traffic traversing from one public cloud to another is by definition crossing the Internet and should therefore not be trusted.
Alan Cohen's picture
Traditional incident management approaches that rely on network monitoring and detection of attacks are also falling short in today’s agile and distributed computing world.
Alan Cohen's picture
Now that we are coming up on the second “year of the hack”—who said good things only come around once, right?