Search results for: software

insider threat

3 ways any company can guard against insider threats this October

October is Cybersecurity Awareness Month, but most business leaders and consumers don’t need a special event to remember cybersecurity’s preeminence in today’s turbulent digital landscape. Even so, a little reminder can’t hurt. With the average cost of a data breach surpassing $4 million for the first time and everything from phishing scams to ransomware attacks reaching record highs in frequency and scope, awareness is always just a headline away. That’s why, according to Gartner’s 2021 … More


Corporate attack surface exploding as a result of remote work

74% of organizations attribute recent business-impacting cyberattacks to vulnerabilities in technology put in place during the pandemic. The data is drawn from a study of more than 1,300 security leaders, business executives and remote employees conducted by Forrester Consulting. From cloud services and applications to personal devices and remote access tools, the corporate attack surface exploded in record time. Difficulty managing the plethora of technologies has made enterprises more vulnerable and propelled cyberattacks. Moreover, 80% … More


SaaS security is becoming a primary concern for businesses

One of the frequently touted advantages of using software-as-a-service (SaaS) solutions is their maintenance-free and supposedly inherently secure nature. These services are maintained by their providers and users do not have to worry about configuring, troubleshooting, and updating them. Things are not as simple as that, though. SaaS solutions are far from invulnerable and they can become serious cybersecurity problems. While it can be said that securing them is mostly not the responsibility of users, … More

week in review

Week in review: How to retain best cybersecurity talent, securing Kubernetes, data decay

Here’s an overview of some of last week’s most interesting news, articles and interviews: A new zero-day is being exploited to compromise Macs (CVE-2021-30869) Another zero-day in Apple’s software (CVE-2021-30869) is being actively exploited by attackers, forcing the company to push out security updates for macOS Catalina and iOS 12. Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005) VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud … More

Cequence Security expands its leadership team with two executive hires

Cequence Security announced it has expanded its leadership team with two new executive hires: Mischa Travers as Chief Financial Officer (CFO) & General Counsel and Vishal Chauhan as Vice President of Customer Success. In his new role, Travers will head up all things finance and legal, guiding Cequence Security’s financial strategy and paving a path forward for its growth in the API security market. Travers brings over 20 years of experience in finance and legal … More

Red Box provides certified compliance recording solution for Microsoft Teams

Red Box announces the certification of its compliance recording solution for Microsoft Teams as part of the Microsoft Independent Software Vendor (ISV) Partner Certification Programme. Following extensive third-party approved testing, the solution ensures adherence to regulatory requirements with a policy-based compliance recording integration for Microsoft Teams, providing secure capture, transcription, storage, retrieval, archiving and metadata-controlled retention of enterprise-wide communications. “The certification is a powerful endorsement of Red Box’s communication capture capabilities, empowering organizations across a … More

OWASP Top 10

OWASP Top 10 2021: The most serious web application security risks

The definitive OWASP Top 10 2021 list is out, and it shows that broken access control is currently the most serious web application security risk. How is the list compiled? “We get data from organizations that are testing vendors by trade, bug bounty vendors, and organizations that contribute internal testing data. Once we have the data, we load it together and run a fundamental analysis of what CWEs map to risk categories,” the Open Web … More


A new zero-day is being exploited to compromise Macs (CVE-2021-30869)

Another zero-day in Apple’s software (CVE-2021-30869) is being actively exploited by attackers, forcing the company to push out security updates for macOS Catalina and iOS 12. About CVE-2021-30869 Flagged by researchers Erye Hernandez and Clément Lecigne of Google’s Threat Analysis Group and Ian Beer of Google Project Zero, the vulnerability is a type confusion issue found in XNU, the kernel of Apple’s macOS and iOS operating systems. As usual, Apple did not share any details … More

New infosec products of the week: September 24, 2021

Here’s a look at the most interesting product releases from the past week, featuring releases from CoSoSys, Druva, McAfee, Nutanix and Stairwell. CoSoSys Endpoint Protector enables users to override a DLP policy Endpoint Protector brings a host of new features to customers, including support for user remediation, and the ability to use the Azure AD API in Microsoft Graph to synchronize user profiles. Nutanix Cloud Platform improves support for mission-critical workloads with AOS … More

US president

Policy and patience key in Biden’s cybersecurity battle

Last month, President Biden hosted a group of technology and insurance executives to build support for a “whole-of-nation effort” to improve cybersecurity. The executive summit was one of a series of steps the Biden administration has taken to try to stem the tide of criminal activity targeting the nation’s public and private computer networks. Ransomware attacks increased by 288% between January-March 2021 and April-June 2021. The Biden administration, in addition to using its convening power … More


Most IT leaders prioritize cloud migration, yet security concerns remain

There has been a significant year-on-year leap in companies planning to move business-critical applications to the cloud, despite cybersecurity concerns, Equinix has found. The need to remain competitive and cater to increased user demands has prompted a 15% jump to 37% of companies saying they plan to move business-critical applications to the cloud in 2020-21, compared to the previous year. Despite security concerns, IT infrastructure is being moved to the cloud As digital leaders build … More


SaaS subscriptions bouncing back as enterprises seek innovation

Enterprises worldwide continue to migrate from proprietary, licensed software to software-as-a-service (SaaS) subscriptions as they seek innovation, better user experience and lower cost, according to a report published by Information Services Group (ISG). The report on the global market finds enterprise SaaS demand rebounding from a slowdown caused by the COVID-19 crisis. A 21 percent growth in combined SaaS and infrastructure-as-a-service (IaaS) annual contract value is predicted in 2021. “Enterprises in all industries are adapting … More