February 14, 2024
Via: CSO OnlineStriking a balance between sufficient visibility into cloud computing environments and the potential for an overdose of false positives and duplicate alerts is the key challenge facing cloud security professionals, according to the State of Security Remediation report from the […]
February 13, 2024
Via: CSO OnlineThe runaway success of Kubernetes adoption by enterprise software developers has created motivation for attackers to target these installations with specifically designed exploits that leverage its popularity. Attackers have become better at hiding their malware, avoiding the almost trivial security […]
February 12, 2024
Via: Cloud TweaksDynamic Application Security Testing (DAST) is an automated testing process designed to identify security vulnerabilities in a web application. It does this by simulating attacks on the application and analyzing the responses. Unlike static testing, which analyzes an application’s code, […]
February 9, 2024
Via: CSO OnlineCisco has fixed three serious cross-site request forgery (CSRF) vulnerabilities in its Expressway Series collaboration gateway and a denial-of-service (DoS) flaw in the ClamAV anti-malware engine. CSRF flaws allow unauthenticated attackers to perform arbitrary actions on vulnerable devices by tricking […]
February 8, 2024
Via: CSO OnlineThe aggressive use of large language models (LLMs) across enterprise environments in 2024 presents a new headache for CISOs. LLMs have their own cybersecurity challenges, especially with data leakage. The cloud has its own issues, with cloud platform providers making […]
February 6, 2024
Via: CSO OnlineCisco has announced plans to infuse new security and AI capabilities within Cisco Security Cloud, the company’s integrated, cloud-based security platform designed to secure on-premise, cloud, and hybrid environments, using in-house as well as third-party telemetry. New capabilities include Cisco […]
February 6, 2024
Via: Network WorldCisco is updating elements of its overarching Security Cloud platform to help enterprise customers better protect widely distributed resources. The enhancements include a new service called Identity Intelligence that brings together information from the vendor’s existing security products, such as […]
February 5, 2024
Via: CSO OnlineCloudflare has revealed that a nation-state actor hacked into the company’s self-hosted Atlassian server in November 2023, but the attack was stopped by the internal team within a few days of access. The hack, which used stolen tokens and credentials, […]
February 2, 2024
Via: TechRadarCloudflare is laying the blame for the cyberattack it suffered late last year the after-effects of the critical Okta breach. The content delivery service provider has published a blog post detailing the cybersecurity incident it suffered on Thanksgiving Day 2023, […]
January 26, 2024
Via: CSO OnlineCisco fixed a critical flaw this week that affects multiple Unified Communications and Contact Center Solutions products and could be exploited remotely by unauthenticated attackers to execute arbitrary code on impacted devices. Medium severity vulnerabilities have also been patched in […]
January 25, 2024
Via: Cloud TweaksA Cloud Workload Protection Platform (CWPP) is a security solution designed specifically for protecting cloud workloads, including virtual machines, containers, and serverless functions. They offer a range of capabilities such as monitoring, threat detection, vulnerability management, and compliance enforcement. CWPPs […]
January 22, 2024
Via: Network WorldBackblaze, the cloud backup provider known for its quarterly reports on hard drive failures, has announced new features for its enterprise backup service. The enhancements to the vendor’s endpoint backup service for businesses focus on cyber security and ransomware protection. […]
January 19, 2024
Via: TechRadarVulnerable Docker hosts are being targeted with an odd cybercrime campaign, whose goal isn’t to steal sensitive data, deploy stage-two malware, or mount devastating Distributed Denial of Service (DDoS) attacks. Instead, this campaign’s goal is to boost website traffic for […]
January 18, 2024
Via: Network WorldDell Technologies has released the latest edition of its Global Data Protection Index (GDPI), which questions enterprises about the potential impact of generative AI on the security threat landscape and emerging data protection requirements. Public clouds and cyberattacks remain the […]
January 17, 2024
Via: Network WorldCisco has raised the profile of the popular container connectivity technology eBPF (extended Berkeley packet filter) with its recent purchase of open-source, cloud-native networking and security firm Isovalent. Cisco announced the deal in late December and expects to close the […]
January 17, 2024
Via: Cloud TweaksThe digital landscape is evolving at a breakneck pace, and organizations are swiftly jumping on the digital transformation bandwagon to embrace cloud-native deployments to fuel growth. Whether we talk about scalability, efficiency, or flexibility, cloud adoption has never been more […]
January 12, 2024
Via: InfoWorldCloud finops is the discipline of accounting for and optimizing cloud computing spending. It’s a reaction to years of undisciplined cloud spending or a way to bring order back to using cloud resources. Overall, it is a step in the […]
January 9, 2024
Via: Cloud TweaksIn the world of online lending, data security is paramount. With the increasing reliance on digital platforms for financial transactions, ensuring the protection of sensitive information has become a critical concern. Data security encompasses measures and practices that safeguard data […]
January 9, 2024
Via: Computer WeeklyThe mass adoption of cloud environments has helped businesses transform their operations through scalability and cost efficiency, but it has also put additional strain on security professionals. Research shows almost two-thirds of security analysts say the size of the attack […]
December 29, 2023
Via: TechRadarGoogle Cloud has patched a vulnerability that may have allowed malicious actors with access to a Kubernetes cluster to elevate their privileges and wreak havoc. “An attacker who has compromised the Fluent Bit logging container could combine that access with […]