The threats are constantly shifting, subject to trends in cryptocurrency use, geopolitics, the pandemic, and many other things; for this reason, a clear sense of the landscape is essential. Below, you’ll find a quick guide to some of the most pressing threats of the coming year. Linux and cloud infrastructure will continue to be a […]

With great power comes great responsibility and CIOs (Chief Information Office) of an organization are no different. Technology is always changing, it is a very difficult job to keep up with the changes. CIOs are expected to be aware of and have a detailed understanding of major IT industry trends, new technologies, and IT best […]

At the end of the year, gaming giant SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket, cybersecurity firm VPN Overview reported. The unsecured S3 bucket contained multiple sets of AWS keys that could have allowed threat actors to access many of SEGA Europe’s cloud services along withMailChimp and Steam […]

Prevent and Detect Lateral Movement Security and Privacy Preserving for IoT and 5G Networks: Techniques, Challenges, and New Directions 

Practical Cloud Security: A Guide for Secure Design and Deployment MicroMasters® Program in Cloud Computing

“Today’s hyper-targeted spear phishing attacks, coming at users from all digital channels, are simply not discernable to the human eye. Add to that the increasing number of attacks coming from legitimate infrastructure, and the reason phishing is the number one thing leading to disruptive ransomware attacks is obvious.” Human interaction online has largely moved to […]

Misconfigurations in software development environments and poor security hygiene in the supply chain can impact cloud infrastructure and offer opportunities for malicious actors to control unwitting victims’ software development processes. These were the results of a report from Palo Alto Networks’ security specialist Unit 42, which conducted a red team exercise with a large SaaS provider. […]

IBM Security Services today published a report detailing a raft of issues pertaining to cloud security, including the fact that there are nearly 30,000 cloud accounts potentially for sale on dark web marketplaces. The report is based on dark web analysis, IBM Security X-Force Red penetration testing data, IBM Security Services metrics, X-Force Incident Response analysis and […]

This, paired with the “anything you can do, I can do better” mantra adopted by today’s nation-state threat actors, has left mission-critical information vulnerable to attack as it undergoes the great cloud migration. These agile threat actors – without any red tape to stand in their way – have already adopted a cloud-centric mindset, oftentimes at […]

What do AWS Partners with Level 1 Managed Security Service (MSSP) Competency provide? All AWS Level 1 MSSP Competency Partners provide at minimum the ten 24/7 security monitoring, protection, and remediation services as defined in the Level 1 Managed Security Services baseline. Those ten 24/7 services specifically are below. Many of the Level 1 MSSP […]

While Security Orchestration Automation and Response (SOAR) solutions help automate and structure these activities, the activities themselves require telemetry data that provide the breadcrumbs to help scope, identify and potentially remedy the situation. This takes increasing significance in the cloud for a few reasons: The public cloud shared security model may lead to gaps in the telemetry (e.g., lack […]

By 2022, API abuses will become the most frequent attack vector, predicts Gartner. We’re already witnessing new API exploits reach the headlines on a near-daily basis. Most infamous was the Equifax breach, an attack that exposed 147 million accounts in 2017. Since then, many more API breaches and major vulnerabilities have been detected at Experian, Geico, Facebook, Peleton and […]

It guides system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations. Below is the list of mitigations provided by the US agencies: Scan containers and Pods for vulnerabilities or misconfigurations. Run containers and Pods with the least privileges possible. Use network […]

Further, a recent Sophos survey found that the average post-attack remediation costs, including lost business, grew to nearly $2 million per incident in 2021, about 10 times the size of the ransom payment itself. CISOs and hands-on security professionals are implementing several tactics to defend their organization, and these include proactive threat hunting and technical defenses like multi-factor authentication. […]

STORING YOUR DATA IN THE CLOUD

Embracing new technologies lead to qualitative growth but simultaneously holds high chances of quantitative data breaches. While adopting cloud technology, it is important to see the security of cloud infrastructure as one of the crucial responsibilities. There are various organizations out there that are still unsure of the security of their data present in the […]

The growing reliance on public cloud services as both a source and repository of mission-critical information means data owners are under pressure to deliver effective protection for cloud-resident applications and data. Indeed, cloud is now front of mind for many IT organisations. According to recent research by Enterprise Strategy Group (ESG) cloud is “very well-perceived by data […]

A strong case can be made that shoring up defenses requires “automating out” the weakest link – i.e., humans – from any cloud that companies are entrusting with their data. This applies to their internal, on-premise clouds as well as to the external cloud vendors that they choose to engage with. In “automating out the […]

For some time, the public cloud has actually been able to offer more protection than traditional on-site environments. Dedicated expert teams ensure that cloud servers, for example, maintain an optimal security posture against external threats. But that level of security comes at a price. Those same extended teams increase insider exposure to private data—which leads […]

Today, rapid digitalization has placed a significant burden on software developers supporting remote business operations. Developers are facing continuous pressure to push out software at high velocity. As a result, security is continuously overlooked, as it doesn’t fit into existing development workflows. The way we build software is increasingly automated and integrated. CI/CD pipelines have […]