Businesses are increasingly moving their data to the cloud, making cloud security a top priority. To address this growing need, Google Cloud has introduced Security Command Center Enterprise (SCC Enterprise), a new solution that combines Google’s security fabric with threat intelligence from Mandiant. SCC Enterprise provides businesses with a more comprehensive view of their cloud…

Apr 11, 2024NewsroomSpyware / Cyber Espionage Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are…

The top 10 open source risks. OWASP 1: Known vulnerabilities. This section covers OSS components with known vulnerabilities such as software flaws, often inadvertently introduced by software developers and maintainers and then subsequently disclosed publicly, often by security researchers in the community. These vulnerabilities may be exploitable depending on the context in which they are…

Apr 11, 2024NewsroomVulnerability / Threat Mitigation Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. “An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94]…

History of RSA Conference. Bruce Schneier. The First ‘Exhibitor’ in 1994. Listen to the Audio on SoundCloud.com.
Bruce Schneier was at the first ever RSA Conference in 1991, and he was the first ‘exhibitor’ in 1994 when he asked Jim Bidzos, Creator of the RSA Conference, if he could sell copies of his book “Applied…

Apply appropriate updates provided by Google to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.4: Perform…

MPs aren’t just getting excited about an upcoming election, but also the fruity WhatsApp messages they’re receiving, can we trust AI with our health, and who on earth is pretending to be a producer for the Drew Barrymore TV show? All this and much much more is discussed in the latest edition of the “Smashing…

Written by Matt Mills, President, SailPoint
From smartphones to video game consoles, people love to throw around the term “next generation.” But what does it actually mean? Well, when the term is applied to a piece of technology, it usually means something that fundamentally changes the way we think about and use that technology. Blackberry…

Collectively, these recommendations offer a roadmap that, if it cannot avert similar cloud disasters in the future, at least positions CSPs and their customers to handle these kinds of incidents from a better posture. Although each recommendation is substantive and valuable, experts highlight some of the more significant recommendations that CSPs should consider…

The latest email campaign detected by Proofpoint used an invoice-related lure written in German that was crafted to appear as if sent by Metro, a large German retailer. Dozens of organizations from various industries in Germany were targeted. The rogue emails contained a password-protected ZIP archive with the password provided in the email message. Inside,…
