Beware the tools that can bring risk to a Windows network
There are a few essential questions that anyone maintaining security on a Windows network needs to ask right now to avoid engaging in some very risky behavior, but there’s one that may be the most important of all — are you aware of tools in your network that may be bringing more risk? Many of…
Cloud access security brokers (CASBs): What to know before you buy
As the name suggests, a cloud access security broker (CASB) manages access between enterprise endpoints and cloud resources from a security perspective. CASBs can be deployed on-premises or in the cloud; as a hardware appliance or software-only, as a proxy, reverse proxy, or through specific APIs. Enterprises have untold numbers of endpoints, both managed (corporate-owned…
Critical flaw found in Fluent Bit cloud services monitoring component
Security researchers at Tenable have discovered a potentially critical memory corruption vulnerability in Fluent Bit, a core component in the monitoring infrastructure of many cloud services. The vulnerability, dubbed Linguistic Lumberjack and tracked as CVE-2024-4323, stems from coding flaws within Fluent Bit’s built-in HTTP server. Left unresolved the vulnerability could lead to denial of service,…
Amazon debuts biometric security device, updates Detective and GuardDuty
The latest security announcements from Amazon aim to address a wide range of security issues for businesses, including an all-in-one hand-scanning biometric system and new capabilities for its Detective security visualization tool and GuardDuty continuous monitoring solution. Amazon One Enterprise is the most novel of the company’s announcements, which were made this week at its…
Cohesity taps Amazon for generative AI, cloud-based security
Bringing its security and data analysis capabilities to a new potential audience, data security and multicloud data management provider Cohesity is now taking signups for access to its Turing generative AI features via Amazon’s Bedrock front-end for cloud-based AI. Cohesity Turing’s AWS-available features, the company announced Monday, will center on three main areas. The first…
Securing Cloud Identities to Protect Assets and Minimize Risk
As organizations increasingly move their data and workloads to the cloud, securing cloud identities has become paramount. Identities are the keys to accessing cloud resources, and, if compromised, they enable attackers to gain access to sensitive data and systems. Most attacks we see today are client-side attacks, in which attackers compromise someone’s account and use…
Cloud Security Demand Drives Better Cyber-Firm Valuations — and Deals
Cisco’s massive $28 billion acquisition of Splunk in September was the financial highlight of a quarter during which several other vendors also made strategic purchases to position themselves for emerging enterprise requirements around cloud, application, and identity security. The acquisitions added to a better-than-expected quarter ended Sept. 30, 2023, with venture funding also picking up…
Lacework Expands Partnership With Google Cloud to Deliver Enterprise Flexibility in the Cloud
Lacework, the data-driven cloud security company, today announced an expansion of its partnership with Google Cloud. Several new features will allow joint customers to innovate even faster in Google Cloud environments with the confidence that their cloud environment is even more secure. Customers can now choose to have the full Lacework platform, which provides data-driven…
Attackers can abuse Google Cloud Build to poison production environments
Researchers warn that a permission associated with the Google Cloud Build service in Google Cloud can be easily abused by attackers with access to a regular account to elevate their privileges and potentially poison container images used in production environments. Google Cloud Build is a CI/CD platform that allows organizations and developers to execute code…
Can Cloud Services Encourage Better Login Security? Netflix’s Accidental Model
This month, Netflix stumbled backward into a policy that may have lasting security benefits for users. Its accidental pro-customer safety move could be an object lesson for other business-to-consumer (B2C) organizations looking to improve customer account security. The streaming giant brought its new “household” policy to US customers on May 23. From now on, accounts…
