The U.S. Department of Commerce is soliciting input on a Trump administration cybersecurity executive order that requires cloud providers to verify the identities of certain users - particularly cyber actors potentially operating abroad and leveraging U.S. cloud technologies.
Microsoft has disclosed details of a vulnerability that researchers at Palo Alto Networks have named "Azurescape" because the attacks start from a container escape technique. The flaw "could potentially allow a user to access other customers’ information in the ACI service," Microsoft says.
A compromised identity and its associated shared accounts are the single most
effective attack vector for a threat actor to compromise an entire multicloud
Download this whitepaper to learn how to protect your entire cloud environment, including:
Restricting the privileges any user, application,...
DevOps-driven adoption of new
technologies and processes
may mean security is an afterthought
and can expose new
gaps in security coverage and
Download this whitepaper which provides an overview of what DevSecOps is and how organizations can adopt its
practices in conjunction with technologies...
Kubernetes-native security is based on a single principle: security is implemented most effectively
when it is aligned with the system that is responsible for managing all of an organization’s containerized
Download this whitepaper which explores the six characteristics a security platform must...
The rapid adoption of open source projects can introduce vulnerabilities in standard
Kubernetes environments. OpenShift Container Platform supports these projects, allowing users to
gain open source advantages with a managed product’s stability and security. Red Hat OpenShift
offerings include five managed and...
Researchers believe that a malware variant that specifically targets poorly protected or misconfigured Windows containers has been uncovered for the first time, according to a report published by Palo Alto Networks' Unit 42. A successful attack establishes a backdoor and persistence.
Symphony Technology Group's acquisition of FireEye Products Business in a $1.2 billion deal will set up the private equity group to better compete with security giants such as Microsoft and Cisco, while unlocking profit potential for FireEye and the now stand-alone Mandiant Solutions, analysts say.
The mass migration to cloud has only added to the global cybersecurity gap, and John Yeoh, global vice president of research at the Cloud Security Alliance is among those calling for greater "diversity by design" as enterprises look to fill these roles.
Rapid7 has acquired Velociraptor, an open-source endpoint-monitoring organization and community that will continue to operate as a stand-alone entity while the security firm adopts some of its technology. Meanwhile, Zscaler had announced a deal to buy Trustdome.
The new year has kicked off with a flurry of data security company acquisition activity; five deals have already been announced. Companies making acquisitions are striving to improve their secure access service edge - or SASE - posture, enter new markets or bolster their technology portfolios.
Philip Reitinger has held senior cybersecurity leadership roles in both the public and private sectors. He's seen big breaches. And he says what he sees so far in the SolarWinds attack may be just the "tip of the iceberg" in terms of government and business entities that have been compromised.