Beware the tools that can bring risk to a Windows network
There are a few essential questions that anyone maintaining security on a Windows network needs to ask right now to avoid engaging in some very risky behavior, but there’s one that may be the most important of all — are you aware of tools in your network that may be bringing more risk? Many of…
Iranian APT group launches destructive attacks in hybrid Azure AD environments
Recent destructive attacks against organizations that masquerade as a ransomware operation called DarkBit are likely performed by an advanced persistent threat (APT) group that’s affiliated with the Iranian government. During some of these operations the attackers didn’t limit themselves to on-premises systems but jumped into victims’ Azure AD environments where they deleted assets including entire…
Cloud Security Firm Lacework Raises Record-Breaking $1.3 Billion
Following the massive infusion of cash, investors are valuing the company at $8.3 billion. San Francisco, California-based Lacework was founded in 2015 by Mike Speiser (managing director of Sutter Hill Ventures) Sanjay Kalra (now founder and CEO at ShiftRight), and Vikram Kapoor (CTO). It was built on the principal that cloud security is fundamentally a…
Microsec.ai Exits Stealth With Cloud Application Runtime Protection Platform
The company’s agentless CNAPP solution aims to secure multi-cloud IaaS and PaaS environments, as well as containers and data, through a single, unified interface. Founded in February 2021, the Santa Clara, California-based company offers support for major cloud infrastructure providers, including AWS, Azure, Google, IBM, and Oracle. Microsec.ai claims to provide visibility into containers, microservices,…
OMI vulnerabilities threaten Linux virtual machines on Azure
News has surfaced of a rather dangerous practice in Microsoft Azure, whereby when a user creates a Linux virtual machine and enables certain Azure services, the Azure platform automatically installs the Open Management Infrastructure (OMI) agent on the machine. The user won’t know it. Although a stealth installation might sound terrible on its face, this…
Azure AD Identity Protection now revolves around risky users and risky sign-ins
Launched in September 2018, Microsoft Threat Protection (MTP) integrates a number of Microsoft services to provide a fully integrated, end-to-end solution for securing the entire attack surface of enterprises: identities, endpoints, user data, cloud apps, and infrastructure. Since MTP’s launch, Microsoft has slowly been polishing the offering by adding new and improved features such as…
It Takes an Average 38 Days to Patch a Vulnerability
It takes over a month for the average organization to patch its most critical vulnerabilities, according to a new report detecting trends in Web application attacks. The data comes from tCell, which today released its Q2 2018 “Security Report for In-Production Web Applications.” Researchers analyzed more than 316 million security incidents across its customer base…
Microsoft Launches Security Program For Azure IoT
Microsoft has launched a new program for its Azure cloud platform to help business customers strengthen their security posture amid the rise of the Internet of Things. Security and privacy concerns are top of mind for IT pros as the IoT continues to grow within the enterprise. Many struggle to verify the security of their…