Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The patch comes exactly one week after the Redmond, Wash. software giant acknowledged the CVE-2021-40444 security defect and confirmed the existence of in-the-wild exploitation via booby-trapped Microsoft Office documents. [Read More]
A five-year study conducted by Imperva shows that nearly half of on-premises databases globally contain at least one vulnerability. [Read More]
Google joins Apple and Microsoft in warning about zero-day flaws being exploited in the wild. This time the target is the popular Google Chrome browser. [Read More]
Apple ships fixes for a pair of iOS and macOS security defects alongside a warning that these issues belong in the “actively exploited” zero-day category. [Read More]
Hackers leaked online credentials stolen from 87,000 VPN devices, affecting roughly 22,500 victims worldwide, including nearly 3,000 in the United States. [Read More]
Tenable makes its priciest acquisition to date and expands its product portfolio with capabilities to detect security problems in code before they become operational security risks. [Read More]
Users will have an end-to-end encryption option when choosing to store their backups in Google Drive or iCloud. [Read More]
OpenSSL 3.0 has finally been released — it took 3 years, 17 alpha releases, two beta releases and more than 7,500 commits and contributions. [Read More]
Cisco warns that these vulnerabilities could be exploited by attackers to reboot devices, elevate privileges, or overwrite and read arbitrary files. [Read More]
A critical security flaw in HAProxy could lead to HTTP request smuggling attacks, allowing attackers to bypass security controls and access sensitive data without authorization. [Read More]

FEATURES, INSIGHTS // Data Protection

rss icon

William Lin's picture
Data security is a tough topic to summarize and I’d argue it may be the most misunderstood category in security right now.
Gunter Ollmann's picture
CISOs and their security teams need to quickly master these technologies if they’re to successfully partner with in-house development teams and secure “data-in-use.”
Gunter Ollmann's picture
It is reasonable to assume that within five years the term “confidential compute” will become superfluous and an assumed native component of all cloud services.
Alastair Paterson's picture
Opportunities for accidental exposure of sensitive information are often compounded by multiple stakeholders using collaborative tools without the proper policies, oversight and security training.
Laurence Pitt's picture
For an MSP looking to grow business, the convergence of SD-WAN and security, along with the transitional needs of customers, translates to opportunity.
Jim Gordon's picture
Individuals and security professionals should have a 360 mindset and know the actions needed to take in the pursuit of data protection and the preservation of privacy.
Alastair Paterson's picture
If it takes a whole village to raise a child, it takes a whole community of vendors and business partners to build a secure data environment.
Ellison Anne Williams's picture
Data in Use has become a point of least resistance for an attacker. There is a major industry need to recognize this lapse and close the gap in data security by protecting data while it is being used.
Gunter Ollmann's picture
DLP has always been tricky to deploy and enforce, and most CISOs can freely regale stories of DLP promises and their subsequent failures.
Ellison Anne Williams's picture
Data protection schemes must recognize and secure data as it exists at all points in the processing lifecycle, whether at rest, in transit, or in use.