Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Four major wireless U.S. carriers are developing a new single sign-on variant they believe will finally do away with passwords. [Read More]
Researchers say a UK-based document printing and binding company leaked hundreds of gigabytes of information, including sensitive military documents, via an unprotected AWS server. [Read More]
Researchers say two connected financial services companies have exposed over 500,000 sensitive legal and financial documents. [Read More]
Thales, Telstra, Microsoft, and Arduino this week announced a partnership aimed at enabling the secure connection of IoT devices to the cloud. [Read More]
Intel CPUs are vulnerable to a new type of attack named Load Value Injection (LVI) and described as a reverse Meltdown-type attack, but Intel says users should not be too concerned. [Read More]
Researchers have analyzed 20 of the most popular Docker container images and found that while they contain many vulnerabilities, less than half of these flaws pose an actual risk. [Read More]
A threat actor, likely a state-sponsored cyberespionage group, has used a sophisticated technique to allow its malware to communicate with C&C servers across firewalls. [Read More]
Cisco launches SecureX, a cloud-native security platform designed to improve visibility, deliver analytics, and automate common security workflows. [Read More]
VMware has patched serious vulnerabilities, including remote code execution and authentication bypass issues, in vRealize Operations for Horizon Adapter. [Read More]
A surge in malicious login attempts is likely to be a flood of credential lists in the criminal marketplace, the attractiveness of financial data, and a more general shift in criminal credential abuse towards targeting API logins. [Read More]

FEATURES, INSIGHTS // Cloud Security

rss icon

Gunter Ollmann's picture
CISOs are increasingly cognizant of the value deep integration of threat intelligence can bring to cloud protection platforms and bottom-line operational budgets.
Torsten George's picture
Securing multi-cloud and hybrid environments creates an unfamiliar situation for many organizations, in which they’re unsure of who is responsible for controlling access to and securing the underlying infrastructure.
John Maddison's picture
A single, cross-platform security strategy ensures that your cloud security deployment doesn’t replicate the challenges of complexity, siloed solutions, and solution sprawl faced in traditional network security environments.
Gunter Ollmann's picture
The faster in-house network administrators can transition to becoming public cloud network security engineers, architects, or analysts, the faster their organizations can implement digital transformation.
Justin Fier's picture
As executives, developers, security teams, and third-party vendors struggle to exert their influence on digital transformation, threat-actors are exploiting the chaos for their own gain.
Alastair Paterson's picture
If it takes a whole village to raise a child, it takes a whole community of vendors and business partners to build a secure data environment.
Laurence Pitt's picture
“The Cloud Wars” may be dominating IT news headlines, but what does this phrase actually mean? And is it something that an enterprise needs to be concerned with?
Gunter Ollmann's picture
To the surprise of many, public cloud appears to be driving a renaissance in adoption and advancement of managed security service providers (MSSP).
Ashley Arbuckle's picture
With a holistic approach you can enable efficient segmentation across your infrastructure, identify anomalies faster by using process behavior deviations, and reduce your attack surface quickly.
Gunter Ollmann's picture
75 years may separate War World II from cloud SIEM, but we’re on the cusp of being able to apply the hard-earned learnings from Abraham Wald in our latest adversarial conflict – the cyberwar.