Security Turbulence in the Cloud: Survey Says…
Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps. [...]
Showing only posts tagged Cloud security. Show all posts.
Firms Push for CVE-Like Cloud Bug System
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk. [...]
Canadian Centre for Cyber Security Assessment Summary report now available in AWS Artifact
French version At Amazon Web Services (AWS), we are committed to providing continued assurance to our customers through assessments, certifications, and attestations that support the adoption of AWS services. We are pleased to announce the availability of the Canadian Centre for Cyber Security (CCCS) assessment summary report for AWS …
Zero-Trust For All: A Practical Guide
How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures. [...]
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
Exploring what's next for public-cloud security, including top risks and how to implement better risk management. [...]
Protect Your Executives’ Cybersecurity Amidst Global Cyberwar
In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the company’s risk of direct or collateral damage. [...]
Cyberattackers Put the Pedal to the Medal: Podcast
Fortinet's Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams. [...]
Microsoft Zero-Days, Wormable Bugs Spark Concern
For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits. [...]
Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks
Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia. [...]
Lapsus$ ‘Back from Vacation’
Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers' DevOps platforms – to its hit list. [...]
Microsoft Azure Developers Awash in PII-Stealing npm Packages
A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes. [...]
Top 3 Attack Trends in API Security – Podcast
Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest. [...]
Microsoft: Lapsus$ Used Employee Account to Steal Source Code
The data-extortion gang got at Microsoft's Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack. [...]
Misconfigured Firebase Databases Exposing Data in Mobile Apps
Five percent of the databases are vulnerable to threat actors: It's a gold mine of exploit opportunity in thousands of mobile apps, researchers say. [...]
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug. [...]
The Uncertain Future of IT Automation
While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks. [...]
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel. [...]
Massive Meris Botnet Embeds Ransomware Notes from REvil
Notes threatening to tank targeted companies' stock price were embedded into the DDoS ransomware attacks as a string_of_text directed to CEOs and webops_geeks in the URL. [...]
Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins
A targeted phishing attack takes aim at a major U.S. payments company. [...]
The Art of Non-boring Cybersec Training–Podcast
With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in. [...]
Cyberattackers Cook Up Employee Personal Data Heist for Meyer
The Conti gang breached the cookware giant's network, prepping thousands of employees’ personal data for consumption by cybercrooks. [...]
Kill Cloud Risk: Get Everybody to Stop Fighting Over App Security – Podcast
When it comes to ensuring safe cloud app rollouts, there’s flat-out animosity between business shareholders. HackerOne’s Alex Rice and GitLab’s Johnathan Hunt share tips on quashing all the squabbling. [...]
Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS. [...]
3 Tips for Facing the Harsh Truths of Cybersecurity in 2022, Part I
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout. [...]
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community's focus on stopping ransomware attacks. [...]
« newer articles | page 2 | older articles »