Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Bishop Fox has raised more than $154 million in lifetime funding to build and market technology for continuous attack surface management. [Read More]
VMware slapped a critical-severity rating on the bulletin and warned that three of the patched flaws are marked with a CVSS severity score of 9.8/10. [Read More]
For the second consecutive month, Microsoft rushed out patches to cover vulnerabilities that were already exploited as zero-day in the wild, including a pair of belated fixes for exploited Microsoft Exchange Server flaws. [Read More]
Redmond warns that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. [Read More]
Apiiro raises $100 million in Series B funding to help application developers and security engineers address risks before releasing to the cloud. [Read More]
Cloud-native intrusion prevention provider Spyderbat raises $10 million in Series A funding. [Read More]
Two vulnerabilities in Jira Align could allow attackers to elevate privileges, obtain Atlassian cloud credentials, and potentially impact Atlassian infrastructure. [Read More]
Apple confirms the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. [Read More]
Microsoft has confirmed exposing prospective customer data due to a misconfiguration, but claims the reporting company has exaggerated the numbers. [Read More]
SafeBreach warns of a new PowerShell backdoor that pretends to be part of the Windows update process. [Read More]

FEATURES, INSIGHTS // Cloud Security

rss icon

Gunter Ollmann's picture
Once live stomping around vendor-packed expo halls at security conferences returns, it is highly probable that “Virtual Analyst” will play a starring role in buzzword bingo.
Gunter Ollmann's picture
Managed security services are undergoing a timely and significant transformation, armed with new hyperscalable technology stacks, hybrid enterprise and cross-cloud protection complexities.
Gunter Ollmann's picture
CISOs and their security teams need to quickly master these technologies if they’re to successfully partner with in-house development teams and secure “data-in-use.”
Gunter Ollmann's picture
It is reasonable to assume that within five years the term “confidential compute” will become superfluous and an assumed native component of all cloud services.
Justin Fier's picture
Businesses should be emphasizing visibility, early threat detection, and focusing on understanding ‘normal’ activity rather than ‘bad.’
Torsten George's picture
The tactics, techniques, and procedures (TTPs) used in the Twitter attack were not much different than in the majority of other data breaches and serve as valuable lessons for designing a modern cyber defense strategy.
Gunter Ollmann's picture
With a diverse and globally distributed workforce, cybersecurity buying decisions will increasingly factor accessibility, usability, and inclusiveness in solution design and operability.
Gunter Ollmann's picture
CISOs are increasingly cognizant of the value deep integration of threat intelligence can bring to cloud protection platforms and bottom-line operational budgets.
Torsten George's picture
Securing multi-cloud and hybrid environments creates an unfamiliar situation for many organizations, in which they’re unsure of who is responsible for controlling access to and securing the underlying infrastructure.
John Maddison's picture
A single, cross-platform security strategy ensures that your cloud security deployment doesn’t replicate the challenges of complexity, siloed solutions, and solution sprawl faced in traditional network security environments.