Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

VMWare fixes a serious URL-handling vulnerability in the Carbon Black administrative interface and warns of authentication bypass and potential code execution risks. [Read More]
The U.S. Department of Homeland Security's CISA is directing federal agencies to scan their Microsoft Exchange environments for four weeks and report if they find any compromised servers. [Read More]
Researchers warns that tens of thousands of QNAP SOHO NAS devices potentially impacted by unpatched remote code execution flaws. [Read More]
Citrix warns that the bugs could result in privileged code in a guest virtual machine to crash the host or render it unresponsive. [Read More]
North Korean government-backed APT group caught using a fake pen-testing company sock puppet Twitter and LinkedIn accounts in an escalation of a hacking campaign targeting security research professionals. [Read More]
A serious security bug in the 'netmask' npm package leads to misinterpretation of IP addresses. [Read More]
Reuters is reporting that a draft executive order would set new rules on data breach disclosure and use of multi-factor authentication and encryption in federal agencies. [Read More]
Solarwinds has shipped a major security update to fix at least four documented security vulnerabilities, including a pair of bugs that be exploited for remote code execution attacks. [Read More]
With new financial backing from Great Hill Partners, Jumio plans to invest in automating identity verification solutions and adding new services to its platform. [Read More]
Cloud security company Orca becomes a unicorn after raising $210 million in a Series C funding round at a valuation of $1.2 billion. [Read More]

FEATURES, INSIGHTS // Cloud Security

rss icon

Gunter Ollmann's picture
Once live stomping around vendor-packed expo halls at security conferences returns, it is highly probable that “Virtual Analyst” will play a starring role in buzzword bingo.
Gunter Ollmann's picture
Managed security services are undergoing a timely and significant transformation, armed with new hyperscalable technology stacks, hybrid enterprise and cross-cloud protection complexities.
Gunter Ollmann's picture
CISOs and their security teams need to quickly master these technologies if they’re to successfully partner with in-house development teams and secure “data-in-use.”
Gunter Ollmann's picture
It is reasonable to assume that within five years the term “confidential compute” will become superfluous and an assumed native component of all cloud services.
Justin Fier's picture
Businesses should be emphasizing visibility, early threat detection, and focusing on understanding ‘normal’ activity rather than ‘bad.’
Torsten George's picture
The tactics, techniques, and procedures (TTPs) used in the Twitter attack were not much different than in the majority of other data breaches and serve as valuable lessons for designing a modern cyber defense strategy.
Gunter Ollmann's picture
With a diverse and globally distributed workforce, cybersecurity buying decisions will increasingly factor accessibility, usability, and inclusiveness in solution design and operability.
Gunter Ollmann's picture
CISOs are increasingly cognizant of the value deep integration of threat intelligence can bring to cloud protection platforms and bottom-line operational budgets.
Torsten George's picture
Securing multi-cloud and hybrid environments creates an unfamiliar situation for many organizations, in which they’re unsure of who is responsible for controlling access to and securing the underlying infrastructure.
John Maddison's picture
A single, cross-platform security strategy ensures that your cloud security deployment doesn’t replicate the challenges of complexity, siloed solutions, and solution sprawl faced in traditional network security environments.