cloud computing
VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)
VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to …
Embracing offensive cybersecurity tactics for defense against dynamic threats
In this Help Net Security, Alexander Hagenah, Head of Cyber Controls at SIX, discusses the critical steps in creating effective offensive security operations and their impact …
4 warning signs that your low-code development needs DevSecOps
Low code platforms have democratized development in the enterprise. They improve efficiency and enable companies to do more with less. But as you begin to do more you will …
Looney Tunables bug exploited for cryptojacking
Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into …
Cybersecurity workforce shortages: 67% report people deficits
The global cybersecurity workforce has reached 5.5 million people, an 8.7% increase from 2022, representing 440,000 new jobs, according to ISC2. While this is the highest …
The hidden costs of Java, and the impact of pricing changes
An overwhelming 98% of all the businesses surveyed use Java in their software applications or infrastructure, and 57% of those organizations indicate that Java is the backbone …
High-business-impact outages are incredibly expensive
In this Help Net Security video, Peter Pezaris, Chief Strategy and Design Officer at New Relic, discusses observability adoption and how full-stack observability leads to …
What AppSec and developers working in cloud-native environments need to know
All enterprise organizations are, in essence, software publishers, regardless of their industry. This is because every enterprise relies on custom software applications for …
Access control in cloud-native applications in multi-location environments (NIST SP 800-207)
NIST released Special Publication (SP) 800-207A – “A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location …
Lack of visibility into cloud access policies leaves enterprises flying blind
Fragmented access policies are top security concern in multi-cloud environments, with more than 75% of enterprises reporting they do not know where applications are deployed …
Maintaining consistent security in diverse cloud infrastructures
As cloud infrastructures become increasingly API-driven and dynamically spread across expansive attack surfaces, achieving clarity proves difficult. Compounding this challenge …
Attackers can turn AWS SSM agents into remote access trojans
Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual …