Chaos in the Cloud: Rampant Cloud Activity Requires Modern Protection
Blog Published: 05/17/2023
Originally published by CrowdStrike. Digital transformation isn’t only for the good guys. Adversaries are undergoing their own digital transformation to exploit modern IT infrastructures — a trend we’re seeing play out in real time as they increasingly adapt their knowledge and tradecraft to expl...
Community Alert: Organized Credential Stuffing Attack Observed on Azure Cloud Environments
Blog Published: 05/17/2023
Originally published by Gem Security on May 5, 2023. Written by Alice Klimovitsky. Over the past few days, researchers at Gem Security have been tracking what appears to be an organized credential stuffing attack playing out on Azure cloud environments. This post serves as a community warning abo...
Millions Wasted on Kubernetes Resources
Blog Published: 05/16/2023
Originally published by Sysdig. Written by Javier Martínez. The Sysdig 2023 Cloud-Native Security and Container Usage Report has shed some light on how organizations are managing their cloud environments. Based on real-world customers, the report is a snapshot of the state of cloud-native in 2023...
Identity in the Cloud is at its Breaking Point
Blog Published: 05/16/2023
Originally published by Strata. The hardest part of identity and access management (IAM) technology is making it work with multi-vendor infrastructure and the growing number of applications that enterprises rely on to get business done. Primarily because the last-mile integration of applications ...
The Internet-Based Threats Putting Your Organization at Risk
Blog Published: 05/15/2023
Originally published by Lookout. Written by Stephen Banda, Senior Manager, Security Solutions, Lookout. The way we connect in the workplace has changed. For one, “the workplace” isn’t just limited to the office anymore, and that means instead of relying on a corporate network, employees are u...
Keeping VIP Emails Safe: Why Your Executives Are Your Largest Security Concern
Blog Published: 05/15/2023
Originally published by Abnormal Security. Written by Mike Britton. Account takeovers are, unfortunately, relatively easy to execute and incredibly difficult for legacy email security solutions to detect. Additionally, once an account has been compromised, it can lead to more costly attacks such ...
The Art of Prioritizing Vulnerabilities: Maximizing Your Defense
Blog Published: 05/12/2023
Written by Alex Vakulov. According to FIRST, organizations can eliminate from 5% to 20% of vulnerabilities per month. The average time to fix vulnerabilities is growing. At the same time, according to Skybox Security, there was a 3x increase in the number of vulnerabilities over the past decade. ...
Responding to Insider Risk is Hard. Here Are 4 Things You Need to Do.
Blog Published: 05/11/2023
Originally published by Code42. Written by Meredith Atkinson. Data doesn’t move outside your organization by itself. It’s your employees who move it. Data loss from insiders is a growing concern for organizations. In fact, there was a 32% year-over-year average increase in the number of insider e...
Exploring Challenges and Solutions for API Security
Blog Published: 05/11/2023
Originally published by CXO REvolutionaries. Written by Sanjay Kalra, VP, Product Management, Zscaler. It’s an unfortunate reality that APIs are easy to expose but difficult to defend. By acting as translators between applications, they have become the favored tools for ensuring apps of varied or...
8 Things Healthcare Organizations Can Do to Ensure HIPAA Compliance in the Cloud
Blog Published: 05/11/2023
Originally published by Schellman. “Clouds come floating into my life, no longer to carry rain or usher storm, but to add color to my sunset sky,” said Bengali polymath Rabindranath Tagore. It’s a nice, optimistic sentiment, but if you’re a healthcare provider using the cloud, you’re likely think...
QakBot eCrime Campaign Leverages Microsoft OneNote Attachments
Blog Published: 05/10/2023
Originally published by CrowdStrike. In November 2021[1] and February 2022[2], Microsoft announced that by default it would block Excel 4 and VBA macros in files that were downloaded from the internet. Following these changes, CrowdStrike Intelligence observed eCrime adversaries that had previous...
Four Considerations for Building a Secure and Efficient Hybrid Cloud Enterprise
Blog Published: 05/10/2023
Originally published by Signal Hill. Written by Steve Jones, President and Founder, Signal Hill. Most organizations today are operating within a hybrid cloud environment, where the IT enterprise is made up of both on-prem hardware and public cloud-hosted services. While the public cloud offers s...
Maintaining PCI Compliance when Using Multiple Processors
Blog Published: 05/09/2023
Originally published by TokenEx. Written by Anni Burchfiel. Compliance with PCI DSS 4.0 (the Payment Card Industry Data Security Standard) is a necessary, but complicated, part of accepting payments for your business. Any system that processes or stores cardholder data, including third-party paym...
Data Flow Security: Mitigating the Risks of Continuous Data Movement in the Cloud
Blog Published: 05/09/2023
Originally published by Dig Security. Written by Yotam Ben-Ezra. Executive Summary Data movement is ubiquitous in cloud environments due to diffuse architectural patterns and broad organizational access to data. Uncontrolled data flows can create compliance issues and lead to poor visibility over ...
A Complete Roadmap for Tackling a Ransomware Incident
Blog Published: 05/09/2023
Written by David Balaban. Ransomware continues to keep enterprises and governments on their toes. The unscrupulous operators of notorious strains such as LockBit, Clop, ALPHV/BlackCat, and Conti are increasingly adept at infiltrating networks and raiding them via two-step extortion that combines ...
The Pros and Cons of Zero Trust Security
Blog Published: 05/08/2023
Originally published by TrueFort. As an industry best practice, Zero Trust Security has gained much respect in recent years as the recognized way to prevent insider threats and increase the overall security of a company’s network. Many in the cybersecurity industry are of the philosophy that a br...
A Tale for the Ages & How DSPM Saved the Day
Blog Published: 05/04/2023
Originally published by Laminar. Written by Karen Sung, Sr Director of Field & Channel Marketing, Laminar. Today, I want to tell a story of data security posture management (DSPM). The tale of DSPM is about a representative company that faced challenges in securing its sensitive data in the cl...
Zero Trust is a Journey. Not a Single Project.
Blog Published: 05/04/2023
Originally published by CXO REvolutionaries. Written by Larry Biagini, Chief Technology Evangelist, Zscaler. A successful digital transformation cannot be achieved while using antiquated networking concepts, tiptoeing toward change, and avoiding risk. Thinking about enterprise security in terms o...
I2Pminer MacOS Mineware Variant
Blog Published: 05/03/2023
Originally published by CrowdStrike on February 23, 2023. CrowdStrike analyzed an I2Pminer variant that targets macOS. The mineware utilizes I2P to hide XMRig network traffic. CrowdStrike recently analyzed a macOS-targeted mineware campaign that utilized malicious application bundles to deliver open ...
Definitive Guide to Hybrid Clouds, Chapter 7: Selecting the Right Cloud VAF and NDR Vendor
Blog Published: 05/03/2023
Originally published by Gigamon. Written by Stephen Goudreault. Editor’s note: This final post of this series explores Chapter 7 of the “Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud.” Read Chapter 1, Chapter 2, Chapter 3, Chapter 5, and Chapter 6. If you haven’t starte...