Security Experts:

WRITE FOR US

LATEST SECURITY NEWS HEADLINES

rss icon

Polkit Vulnerability Provides Root Privileges on Linux Systems
Europe's Hypocrisy Over Personal Data Privacy Exposed
Two More Poles Identified as Victims of Hacking With Spyware
SonicWall Customers Warned of Possible Attacks Exploiting Recent Vulnerability
New macOS Malware 'DazzleSpy' Used in Hong Kong Attacks
long dotted

NEWS & INDUSTRY UPDATES

Project Zero: Zoom Platform Missed ASLR Exploit Mitigation
Google researcher documents a pair of Zoom security defects and chides the company for missing a decades-old anti-exploit mitigation. [Read More]
Cloud Security Firm Polar Security Emerges From Stealth With $8.5 Million Seed Funding
Cloud security firm Polar Security has emerged from stealth with $8.5 million seed funding to provide visibility into companies’ cloud data storage to allow security teams to secure the data and avoid compliance problems. [Read More]
Multi-Factor Authentication Bypass Led to Box Account Takeover
A vulnerability in Box's implementation of multi-factor authentication (MFA) allowed attackers to take over accounts without needing access to the target's phone. [Read More]
Cloud Detection and Response Firm Permiso Emerges From Stealth With $10M in Funding
Cybersecurity startup Permiso has emerged from stealth with $10 million in funding to identify and track human, machine, vendor and service provider identities in IaaS and PaaS infrastructures. [Read More]
Details Published on AWS Flaws Leading to Data Leaks
Security researchers document vulnerabilities in AWS CloudFormation and AWS Glue that could be abused to leak sensitive files and access other customer’s data. [Read More]
FCC Chair Proposes New Policies for Carrier Data Breach Reporting
Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel proposes strengthening rules around telecom providers’ reporting of data breaches. [Read More]
Apple Patches iOS HomeKit Flaw After Researcher Warning
Apple ships iOS fix for a persistent HomeKit denial-of-service flaw but only after an independent researcher publicly criticized the company for ignoring his discovery. [Read More]
Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws
Mozilla fixes multiple high-severity vulnerabilities with the release of Firefox 96, Firefox ESR 91.5, and Thunderbird 91.5. [Read More]
Eureka Emerges From Stealth With Cloud Data Security Platform
Eureka has emerged from stealth mode with a cloud data security posture management platform and $8 million in seed funding. [Read More]
Patch Tuesday: Microsoft Calls Attention to 'Wormable' Windows Flaw
Microsoft’s first batch of patches for 2022 cover at least 97 security flaws, including a critical HTTP Protocol Stack bug described as “wormable.” [Read More]

FEATURES, INSIGHTS // Cloud Security

rss icon

Laurence Pitt's picture
What to Expect in 2022: Microservices Will Bring Macro Threats
Laurence Pitt - Identity & Access
Defense-in-depth encourages a review of all tools in place, ultimately defining a strategy to use everything available to create a layered security approach between users (or potential attackers) and applications/microservices in use.
Read full story
Gordon Lawson's picture
Meeting Backup Requirements for Cyber Insurance Coverage
Gordon Lawson - Cloud Security
Most cyber insurance providers are demanding that companies supply proof of their backup implementation in order to obtain an affordable policy.
Read full story
Gordon Lawson's picture
Three Ways to Keep Cloud Data Safe From Attackers
Gordon Lawson - Cloud Security
Current cloud deployments pose significant risks that could be mitigated with minor changes to infrastructure procurement and access.
Read full story
Laurence Pitt's picture
Cloud Considerations Learned from the Pandemic
Laurence Pitt - Cloud Security
The flexible and secure nature of the cloud allows security and application teams to focus on defining strategy for the future rather than being consumed by the management of what is in place today.
Read full story
William Lin's picture
The VC View: Identity = Zero Trust for Everything
William Lin - Identity & Access
The most common “new project” in identity nowadays is in Zero Trust. This concept has been evolving for years, and is building controls around an interesting premise: the idea that every resource will one day be internet-facing.
Read full story
Gunter Ollmann's picture
The Rise of Continuous Attack Surface Management
Gunter Ollmann - Risk Management
In the merry-go-round world of InfoSec technologies and “what’s old is new again,” this year we should include Attack Surface Management with a dash of Continuous.
Read full story
Tim Bandos's picture
The Benefits of Cloud Services Far Outweigh On-Premises in 2021
Tim Bandos - Cloud Security
Shifting to the cloud can be a radical but necessary change. There’s no denying the transition can be time consuming and costly upfront.
Read full story
William Lin's picture
The VC View: Cloud Security and Compliance
William Lin - Cloud Security
The combination of “shifting left” and “cloud security” is going to happen and be called “shifting everywhere.”
Read full story
Gunter Ollmann's picture
The Cusp of a Virtual Analyst Revolution
Gunter Ollmann - Incident Response
Once live stomping around vendor-packed expo halls at security conferences returns, it is highly probable that “Virtual Analyst” will play a starring role in buzzword bingo.
Read full story
Gunter Ollmann's picture
Reinventing Managed Security Services' Detection and Response
Gunter Ollmann - Cloud Security
Managed security services are undergoing a timely and significant transformation, armed with new hyperscalable technology stacks, hybrid enterprise and cross-cloud protection complexities.
Read full story