Search results for: zero trust

January 2022 Patch Tuesday forecast: Old is new again

Welcome to 2022 and a new year of patch management excitement! I’m rapidly approaching 40 years working in this industry and I can honestly say there is rarely a dull day. If you are willing to take on the challenges presented, it is a great industry to work in and I hope you all are excited to start the new year too. Let’s look at some recent events which will be influencing this month’s patch … More

Finite State’s binary analysis enhances automated zero-day vulnerability detection

Vulnerabilities in the software supply chain are costing device manufacturers business. Threats like Treck TCP/IP and ThroughTek Kalay P2P SDK continue to emerge, and according to a recent Ponemon Institute report, nearly 60% of organizations have lost revenue due to product security concerns. Finite State has unveiled a way to reduce the business risk of those vulnerabilities through advanced binary analysis. Device manufacturers use board support packages (BSPs) and software development kits (SDKs) from third-party … More

CompuGain collaborates with Rafay Systems to enhance secure Kubernetes implementations

CompuGain strengthens its DevSecOps practice and Kubernetes implementation partnering with Rafay Systems – a platform provider for Kubernetes operations to deliver innovative solutions on hybrid cloud environments, including public clouds, data centers, and edge. CompuGain, an AWS Advanced Consulting Partner with deep expertise in Kubernetes, offers enterprise-grade, fault-tolerant, highly scalable, compliant, and secure systems in right-sized, cloud-native and hybrid cloud environments. CompuGain’s DevSecOps practice provides mechanisms for seamless, automated container-workload delivery in controls-based environments. The … More

Infosec products of the month: December 2021

Here’s a look at the most interesting products from the past month, featuring releases from Action1, AwareGO, BlackBerry, Box, Castellan Solutions, Cloudflare, Code42, Cossack Labs, F5 Networks, Immuta, IriusRisk, MetricStream, MobileSphere, Nerdio, NetQuest, Oxeye, Ping Identity, Pondurance, SentinelOne, Syxsense, Tenable, ThreatConnect, Tufin, Veriff, Verimatrix, and Zerto. Open source cloud native security analyzer Terrascan embeds security into native DevOps tooling Tenable enhanced Terrascan, an open source cloud native security analyzer that helps developers secure Infrastructure as … More

Supply chains, ransomware, zero trust and other security predictions for 2022

As 2021 draws to a close, no one in their right mind thinks that cybersecurity risk is just someone else’s problem anymore; major cybersecurity incidents like the SolarWinds breach and the Colonial Pipeline ransomware attack have raised cybersecurity awareness among public opinions and decision-makers. The White House issued an Executive Order on cybersecurity in May to send a clear message about the administration’s priorities: create a nationwide commitment to enforcing cybersecurity best practices. Cybercrime is … More

Manufacturers of IT devices should step up when it comes to security

With significant growth projected in the global IoT market over the next 6 years, the need to subsequently secure devices at the edge from attacks, safe and secure through the manufacturing process, and managed securely throughout the life of the product will follow a similar trajectory, predict experts at Sequitur Labs. Recent reports indicate that the global IoT market is expected to reach nearly $1.5 trillion by 2027 as driving factors of increased demand of … More

Week in review: Log4j new vulnerabilities, Microsoft patch bypass, 2022 e-commerce threat trends

Here’s an overview of some of last week’s most interesting news, articles and interviews: The Log4j saga: New vulnerabilities and attack vectors discovered The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell (CVE-2021-44228) was fixed by releasing Log4j v2.15.0. Log4Shell is a dumpster fire that should have been avoided If basic IT hygiene guidance had been followed, Log4j would have easily been immune to this type … More

Log4Shell is a dumpster fire that should have been avoided

On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. Then again, so was every cybersecurity professional in the world. That all changed when the Apache Log4j project announced CVE-2021-44228 (aka Log4Shell) – a zero-day vulnerability in Log4j’s standardized method of handling log files used by apps all over the world, from Microsoft’s Minecraft to Twitter to Tesla to Apple’s iCloud. This led to … More

Beyond Identity joins MISA to defend customers against increasing cyber threats

Beyond Identity announced it has joined the Microsoft Intelligent Security Association (MISA), a coalition of independent software vendors and managed security service providers that have integrated their solutions with Microsoft’s security products to help joint customers better defend themselves against a world of increasing cyber threats. To be considered for MISA, organizations must be nominated by Microsoft and demonstrate integrations that support the goal of improving enterprise security. Today, organizations are struggling to secure all … More

Rethinking cybersecurity becomes imperative as devices and apps move away from physical offices

69.1% of professionals with security responsibility believe a rethink is needed to deal with the threat of cybersecurity now that devices and applications have moved outside the corporate network, a SentryBay survey reveals. The poll aimed to assess attitudes to cyber threats and methods of protecting vulnerable devices. It found that 58.3% of respondents believed that a zero-trust approach to security was essential, and 19.9% thought it was important. When asked if their organization had … More

iTecs partners with Check Point to improve cybersecurity protection for clients

iTecs enters into a partnership with Check Point to provide iTecs clients with efficacious cybersecurity protection. The collaboration between the two parties enables iTecs to deliver the various services and products to clients as a managed service. “The traditional ‘perimeter-based’ security model is not aging well in this new landscape, and binary access tools are proving to be cumbersome and unscalable. Fixed perimeters no longer govern working environments. Instead, users work on their own devices … More

ZeroFox acquires IDX to address emerging security challenges and goes public through a merger with LNFA

ZeroFox and L&F Acquisition Corp. (LNFA) announced that they have entered into a definitive agreement for a business combination that will result in ZeroFox becoming a publicly traded company with an expected equity value of approximately $1.4 billion, assuming no redemptions. As part of the transaction, ZeroFox will acquire IDX, a digital privacy protection and data breach response services company, resulting in the creation of a cybersecurity provider addressing the full lifecycle of external cyber … More