Security Experts:

WRITE FOR US

LATEST SECURITY NEWS HEADLINES

rss icon

US Bans Huawei, ZTE Telecoms Gear Over Security Risk
EU Parliament Website Attacked After MEPs Slam Russian 'Terrorism'
Proofpoint: Watch Out for Nighthawk Hacking Tool Abuse
Cross-Tenant AWS Vulnerability Exposed Account Resources
Facebook Parent Meta Links Influence Campaign to US Military
long dotted

NEWS & INDUSTRY UPDATES

Gaping Authentication Bypass Holes in VMware Workspace One
VMware slapped a critical-severity rating on the bulletin and warned that three of the patched flaws are marked with a CVSS severity score of 9.8/10. [Read More]
Microsoft Scrambles to Thwart New Zero-Day Attacks
For the second consecutive month, Microsoft rushed out patches to cover vulnerabilities that were already exploited as zero-day in the wild, including a pair of belated fixes for exploited Microsoft Exchange Server flaws. [Read More]
Microsoft: China Flaw Disclosure Law Part of Zero-Day Exploit Surge
Redmond warns that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. [Read More]
Cloud-Native Application Security Firm Apiiro Raises $100 Million
Apiiro raises $100 million in Series B funding to help application developers and security engineers address risks before releasing to the cloud. [Read More]
Spyderbat Raises $10 Million for Cloud and Container Security Platform
Cloud-native intrusion prevention provider Spyderbat raises $10 million in Series A funding. [Read More]
Jira Align Vulnerabilities Exposed Atlassian Infrastructure to Attacks
Two vulnerabilities in Jira Align could allow attackers to elevate privileges, obtain Atlassian cloud credentials, and potentially impact Atlassian infrastructure. [Read More]
Apple Fixes Exploited Zero-Day With iOS 16.1 Patch
Apple confirms the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. [Read More]
Microsoft Confirms Data Breach, But Claims Numbers Are Exaggerated
Microsoft has confirmed exposing prospective customer data due to a misconfiguration, but claims the reporting company has exaggerated the numbers. [Read More]
New PowerShell Backdoor Poses as Part of Windows Update Process
SafeBreach warns of a new PowerShell backdoor that pretends to be part of the Windows update process. [Read More]
Microsoft Patches Vulnerability Allowing Full Access to Azure Service Fabric Clusters
Microsoft has patched a vulnerability tracked as FabriXss and CVE-2022-35829 that can allow an attacker to gain full admin permissions on Azure Service Fabric clusters. [Read More]

FEATURES, INSIGHTS // Cloud Security

rss icon

John Maddison's picture
Multi-Cloud Networks Require Cloud-Native Protection
John Maddison - Cloud Security
By integrating with native security services on major cloud platforms, a CNP solution can effectively correlate security findings to pinpoint risks and recommend effective mitigation.
Read full story
John Maddison's picture
Hybrid Networks Require an Integrated On-prem and Cloud Security Strategy
John Maddison - Network Security
Digital acceleration, user demand, and shifting business strategies add new edges to the network, making it increasingly difficult to manage and even harder to secure.
Read full story
Laurence Pitt's picture
What to Expect in 2022: Microservices Will Bring Macro Threats
Laurence Pitt - Identity & Access
Defense-in-depth encourages a review of all tools in place, ultimately defining a strategy to use everything available to create a layered security approach between users (or potential attackers) and applications/microservices in use.
Read full story
Gordon Lawson's picture
Meeting Backup Requirements for Cyber Insurance Coverage
Gordon Lawson - Cloud Security
Most cyber insurance providers are demanding that companies supply proof of their backup implementation in order to obtain an affordable policy.
Read full story
Gordon Lawson's picture
Three Ways to Keep Cloud Data Safe From Attackers
Gordon Lawson - Cloud Security
Current cloud deployments pose significant risks that could be mitigated with minor changes to infrastructure procurement and access.
Read full story
Laurence Pitt's picture
Cloud Considerations Learned from the Pandemic
Laurence Pitt - Cloud Security
The flexible and secure nature of the cloud allows security and application teams to focus on defining strategy for the future rather than being consumed by the management of what is in place today.
Read full story
William Lin's picture
The VC View: Identity = Zero Trust for Everything
William Lin - Identity & Access
The most common “new project” in identity nowadays is in Zero Trust. This concept has been evolving for years, and is building controls around an interesting premise: the idea that every resource will one day be internet-facing.
Read full story
Gunter Ollmann's picture
The Rise of Continuous Attack Surface Management
Gunter Ollmann - Risk Management
In the merry-go-round world of InfoSec technologies and “what’s old is new again,” this year we should include Attack Surface Management with a dash of Continuous.
Read full story
Tim Bandos's picture
The Benefits of Cloud Services Far Outweigh On-Premises in 2021
Tim Bandos - Cloud Security
Shifting to the cloud can be a radical but necessary change. There’s no denying the transition can be time consuming and costly upfront.
Read full story
William Lin's picture
The VC View: Cloud Security and Compliance
William Lin - Cloud Security
The combination of “shifting left” and “cloud security” is going to happen and be called “shifting everywhere.”
Read full story