Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

VMware slapped a critical-severity rating on the bulletin and warned that three of the patched flaws are marked with a CVSS severity score of 9.8/10. [Read More]
For the second consecutive month, Microsoft rushed out patches to cover vulnerabilities that were already exploited as zero-day in the wild, including a pair of belated fixes for exploited Microsoft Exchange Server flaws. [Read More]
Redmond warns that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. [Read More]
Apiiro raises $100 million in Series B funding to help application developers and security engineers address risks before releasing to the cloud. [Read More]
Cloud-native intrusion prevention provider Spyderbat raises $10 million in Series A funding. [Read More]
Two vulnerabilities in Jira Align could allow attackers to elevate privileges, obtain Atlassian cloud credentials, and potentially impact Atlassian infrastructure. [Read More]
Apple confirms the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. [Read More]
Microsoft has confirmed exposing prospective customer data due to a misconfiguration, but claims the reporting company has exaggerated the numbers. [Read More]
SafeBreach warns of a new PowerShell backdoor that pretends to be part of the Windows update process. [Read More]
Microsoft has patched a vulnerability tracked as FabriXss and CVE-2022-35829 that can allow an attacker to gain full admin permissions on Azure Service Fabric clusters. [Read More]

FEATURES, INSIGHTS // Cloud Security

rss icon

John Maddison's picture
By integrating with native security services on major cloud platforms, a CNP solution can effectively correlate security findings to pinpoint risks and recommend effective mitigation.
John Maddison's picture
Digital acceleration, user demand, and shifting business strategies add new edges to the network, making it increasingly difficult to manage and even harder to secure.
Laurence Pitt's picture
Defense-in-depth encourages a review of all tools in place, ultimately defining a strategy to use everything available to create a layered security approach between users (or potential attackers) and applications/microservices in use.
Gordon Lawson's picture
Most cyber insurance providers are demanding that companies supply proof of their backup implementation in order to obtain an affordable policy.
Gordon Lawson's picture
Current cloud deployments pose significant risks that could be mitigated with minor changes to infrastructure procurement and access.
Laurence Pitt's picture
The flexible and secure nature of the cloud allows security and application teams to focus on defining strategy for the future rather than being consumed by the management of what is in place today.
William Lin's picture
The most common “new project” in identity nowadays is in Zero Trust. This concept has been evolving for years, and is building controls around an interesting premise: the idea that every resource will one day be internet-facing.
Gunter Ollmann's picture
In the merry-go-round world of InfoSec technologies and “what’s old is new again,” this year we should include Attack Surface Management with a dash of Continuous.
Tim Bandos's picture
Shifting to the cloud can be a radical but necessary change. There’s no denying the transition can be time consuming and costly upfront.
William Lin's picture
The combination of “shifting left” and “cloud security” is going to happen and be called “shifting everywhere.”