Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Hospitality chain McMenamins confirms employee information dating back to January 1998 was compromised in a recent ransomware attack. [Read More]
CrowdStrike is using Intel CPU telemetry to beef up detection of sophisticated exploits and to backport memory safety protections to oder PCs. [Read More]
LastPass users are being urged to change master passwords and enable multi-factor authentication for all accounts. [Read More]
Check Point security researchers publish findings from a deep-dive into DoubleFeature, a component of the Equation Group’s DanderSpritz post-exploitation framework. [Read More]
DuckDuckGo plans to ship a privacy-centric desktop browser built from scratch to compete with Google’s Chrome and Microsoft’s Edge. [Read More]
The Apache HTTP Server 2.4.52 is listed as urgent and CISA is calling on user to “update as soon as possible.” [Read More]
A long-term phishing experiment at a 56,000-employee company ends with a caution around the use of simulated phishing lures in corporate security awareness training exercises. [Read More]
Researchers warn that the vulnerability has existed since September 2017 and has likely been exploited in the wild. [Read More]
French video game company Ubisoft this week confirmed that 'Just Dance' user data was compromised in a recent cybersecurity incident. [Read More]
As the scale and impact of the Log4j security crisis become clearer, defenders brace for a long, bumpy ride filled with software-dependency headaches. [Read More]

FEATURES, INSIGHTS // Cloud Security

rss icon

Gunter Ollmann's picture
CISOs and their security teams need to quickly master these technologies if they’re to successfully partner with in-house development teams and secure “data-in-use.”
Gunter Ollmann's picture
It is reasonable to assume that within five years the term “confidential compute” will become superfluous and an assumed native component of all cloud services.
Justin Fier's picture
Businesses should be emphasizing visibility, early threat detection, and focusing on understanding ‘normal’ activity rather than ‘bad.’
Torsten George's picture
The tactics, techniques, and procedures (TTPs) used in the Twitter attack were not much different than in the majority of other data breaches and serve as valuable lessons for designing a modern cyber defense strategy.
Gunter Ollmann's picture
With a diverse and globally distributed workforce, cybersecurity buying decisions will increasingly factor accessibility, usability, and inclusiveness in solution design and operability.
Gunter Ollmann's picture
CISOs are increasingly cognizant of the value deep integration of threat intelligence can bring to cloud protection platforms and bottom-line operational budgets.
Torsten George's picture
Securing multi-cloud and hybrid environments creates an unfamiliar situation for many organizations, in which they’re unsure of who is responsible for controlling access to and securing the underlying infrastructure.
John Maddison's picture
A single, cross-platform security strategy ensures that your cloud security deployment doesn’t replicate the challenges of complexity, siloed solutions, and solution sprawl faced in traditional network security environments.
Gunter Ollmann's picture
The faster in-house network administrators can transition to becoming public cloud network security engineers, architects, or analysts, the faster their organizations can implement digital transformation.
Justin Fier's picture
As executives, developers, security teams, and third-party vendors struggle to exert their influence on digital transformation, threat-actors are exploiting the chaos for their own gain.