Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Navistar International Corporation confirms data stolen in cyberattack that affected some operations. [Read More]
Palo Alto researchers document a new malware that leverages Windows container escape techniques and can achieve code execution on the node and spread to entire Kubernetes clusters. [Read More]
The company offers an infrastructure-as-code security platform that can be integrated into the software development lifecycle. [Read More]
Microsoft snaps an early-stage startup ReFirm Labs that helps businesses pinpoint and fix weak links in firmware powering smart devices like light bulbs and connected printers. [Read More]
Ongoing, multi-vendor investigations into the SolarWinds mega-hack lead to the discovery of new malware artifacts that could be used in future supply chain attacks, including a poisoned update installer. [Read More]
A KPMG report finds that the email system used by Accellion never sent the email notifications to FTA customers and the company never informed them of the flaw being actively exploited. [Read More]
Late-state SIEM startup adds a new chief executive and banks a $200 million “growth round” investment at a $2.4 billion valuation. [Read More]
Cloud-native security analytics provider Uptycs has closed a $50 million Series C funding round, bringing the total raised by the company to date up to $93 million. [Read More]
The new tool allows security researchers to simulate attack techniques and test the effectiveness of Microsoft detection tools. [Read More]
The 2021 edition of the RSA Conference — a fully virtual event this year — took place May 17-20 and several companies used the opportunity to announce new products, services, initiatives, and other resources. [Read More]

FEATURES, INSIGHTS // Cloud Security

rss icon

William Lin's picture
The most common “new project” in identity nowadays is in Zero Trust. This concept has been evolving for years, and is building controls around an interesting premise: the idea that every resource will one day be internet-facing.
Gunter Ollmann's picture
In the merry-go-round world of InfoSec technologies and “what’s old is new again,” this year we should include Attack Surface Management with a dash of Continuous.
Tim Bandos's picture
Shifting to the cloud can be a radical but necessary change. There’s no denying the transition can be time consuming and costly upfront.
William Lin's picture
The combination of “shifting left” and “cloud security” is going to happen and be called “shifting everywhere.”
Gunter Ollmann's picture
Once live stomping around vendor-packed expo halls at security conferences returns, it is highly probable that “Virtual Analyst” will play a starring role in buzzword bingo.
Gunter Ollmann's picture
Managed security services are undergoing a timely and significant transformation, armed with new hyperscalable technology stacks, hybrid enterprise and cross-cloud protection complexities.
Gunter Ollmann's picture
CISOs and their security teams need to quickly master these technologies if they’re to successfully partner with in-house development teams and secure “data-in-use.”
Gunter Ollmann's picture
It is reasonable to assume that within five years the term “confidential compute” will become superfluous and an assumed native component of all cloud services.
Justin Fier's picture
Businesses should be emphasizing visibility, early threat detection, and focusing on understanding ‘normal’ activity rather than ‘bad.’
Torsten George's picture
The tactics, techniques, and procedures (TTPs) used in the Twitter attack were not much different than in the majority of other data breaches and serve as valuable lessons for designing a modern cyber defense strategy.