The Biden White House continued its efforts to shore up US cyber defenses by signing two bills into law, both with the goal of helping cybersecurity expertise and resources flow freely between federal agencies and down to municipalities in need of resources. The first piece of cybersecurity legislation, called the Federal Rotational Cyber Workforce Program…

Security teams should prepare for what researchers say will be a challenging environment through 2023, with increased pressure from government regulators, partners, and threat actors. Gartner kicked off its Security & Risk Management Summit with the release of its analysts’ assessments of the work ahead, which Richard Addiscott, the company’s senior director analyst, discussed during…

Live events such as concerts and sports games are generally chock-full of action, both on the field and behind the scenes. IT and security teams managing these venues navigate a complex environment that includes a traditional corporate infrastructure, special equipment required for the event, a large army of suppliers and contractors, and all of the…

According to the “2022 Verizon Data Breach Investigations Report,” stolen credentials were the top path leading to data breaches. More often than phishing or exploiting vulnerabilities, attackers gain direct access to credentials, letting them virtually walk into victim organizations using the front door. Low-code/no-code platforms make it extremely easy for users to share their credentials…

Researchers have discovered a denial-of-service (DoS) vulnerability in Envoy Proxy, which gives attackers the opportunity to crash the proxy server. This could lead to performance degradation or unavailability of resources handled by the proxy, according to JFrog Security Research, which disclosed the vulnerability (CVE-2022-29225). Envoy is a widely used open source edge and service proxy…

The pandemic-propelled shift to work-from-home and bring-your-own-devices accelerated the already expanding move to the cloud. IDC predicts that global cloud spending will grow from $703 billion in 2021 to $1.3 trillion in 2025. Statista reports that the percentage of corporate data stored on the cloud rose from 30% in 2015 to 48% at the beginning…

At RSA Conference 2022, Malwarebytes announced the expansion of its Nebula platform with a new DNS Filtering module available for Windows on June 14 and for Mac in July. Malwarebytes DNS Filtering is powered by Cloudflare’s zero trust platform to deliver a flexible and comprehensive zero trust solution for Nebula users. Malwarebytes DNS Filtering module…

Businesses are investing substantial funds and efforts into migrating workloads from on-premises infrastructure to public clouds, in part motivated by the hypothesis that, once cloud-based, those workloads will be relatively easy to move from one cloud provider to another. Unfortunately, the reality is unlikely to be so simple. It’s been estimated that about half of…

As the cyber attack surface continues to rapidly expand, enterprises need a security solution that can help organizations to better understand, communicate, and mitigate cyber risk across their entire IT ecosystem. And with many offerings on the market, choosing the right product can be challenging. CISOs can make a more informed decision by leveraging the…

In my last article, I discussed the trade-offs we often make between complexity and capabilities when adopting new security tools and why there is often a point of diminishing returns in terms of the value derived from these tools as we layer on incremental functionality. In this article, I delve a bit deeper into the…