NEWS & INDUSTRY UPDATES

VMware patches a dangerous security flaw that allows a malicious actor with network access to the UI to obtain administrative access without the need to authenticate.
Cybersleuths at Microsoft discover a link between the recent ‘Raspberry Robin’ USB-based worm attacks and the notorious EvilCorp ransomware operation.
In testimony before the US House Intelligence Committee, security pros at Google and Citizen Lab make fresh calls for a wholesale clampdown on problematic commercial spyware vendors.
Redmond's security research teams intercept multiple zero-day attacks attributed to DSIRF, a private cyber mercenary firm operating out of Austria.
A global study of 550 organizations finds the average cost of a data breach reaching an all-time high of $4.35 million as businesses struggle with ransomware and lack of zero trust principles.
At its re:Inforce 2022 conference, AWS announced several enhancements to its cloud security, privacy and compliance offerings, and the launch of a new Customer Incident Response Team (CIRT).
Reports say a Greek lawmaker in the European Parliament was targeted with malicious links trying to plant the Predator spyware program.
A major security vulnerability in the open source PrestaShop software is being exploited in the wild and approximately 300,000 merchant shops are at risk.
SonicWall ships urgent patches for a critical flaw in its Global Management System (GMS) software, warning that the defect exposes businesses to remote hacker attacks.
Researchers at Intezer are documenting the intricacies of Lightning Framework, an undetected Swiss Army Knife-like Linux malware capable of installing rootkits.

FEATURES, INSIGHTS // Cloud Security

John Maddison: Digital acceleration, user demand, and shifting business strategies add new edges to the network, making it increasingly difficult to manage and even harder to secure.
Laurence Pitt: Defense-in-depth encourages a review of all tools in place, ultimately defining a strategy to use everything available to create a layered security approach between users (or potential attackers) and applications/microservices in use.
Gordon Lawson: Most cyber insurance providers are demanding that companies supply proof of their backup implementation in order to obtain an affordable policy.
Gordon Lawson: Current cloud deployments pose significant risks that could be mitigated with minor changes to infrastructure procurement and access.
Laurence Pitt: The flexible and secure nature of the cloud allows security and application teams to focus on defining strategy for the future rather than being consumed by the management of what is in place today.
William Lin: The most common “new project” in identity nowadays is in Zero Trust. This concept has been evolving for years, and is building controls around an interesting premise: the idea that every resource will one day be internet-facing.
Gunter Ollmann: In the merry-go-round world of InfoSec technologies and “what’s old is new again,” this year we should include Attack Surface Management with a dash of Continuous.
Tim Bandos: Shifting to the cloud can be a radical but necessary change. There’s no denying the transition can be time consuming and costly upfront.
William Lin: The combination of “shifting left” and “cloud security” is going to happen and be called “shifting everywhere.”
Gunter Ollmann: Once live stomping around vendor-packed expo halls at security conferences returns, it is highly probable that “Virtual Analyst” will play a starring role in buzzword bingo.