How likely are mid-market organizations to experience a breach by the end of 2021?

Coro released an extensive cybersecurity research report revealing a true market failure: a severe lack of preparedness of the mid-market sector, which is comprised of companies with between 100 and 1,500 employees, to defend against an expanding array… Continue reading How likely are mid-market organizations to experience a breach by the end of 2021?

Lack of API visibility undermines basic principle of security

One of the oldest principles of security is that you cannot secure what you cannot see. Visibility has always been the starting place for monitoring and protecting attack surface and valuable resources. Various technical challenges have come to bear ov… Continue reading Lack of API visibility undermines basic principle of security

Hackers fire off hoax email messages from FBI account after exploiting misconfigured server

Hackers sent a barrage of fake emails over the weekend using an FBI email account, the agency acknowledged, to falsely warn recipients that an attacker stole their information. The nonprofit spam-tracking service Spamhaus Project estimated that the hoax email campaign comprised as many as 100,000 messages. The FBI said that the hackers temporarily broke in via a software misconfiguration for its Law Enforcement Enterprise Portal that the bureau uses to communicate with state and local law enforcement agencies. “While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service,” the FBI said in a Sunday update. “No actor was able to access or compromise any data or PII on the FBI’s network.” The email campaign sought to smear Vinny Troia, a cybersecurity author and CEO of Night Lion Security, as the party […]

The post Hackers fire off hoax email messages from FBI account after exploiting misconfigured server appeared first on CyberScoop.

Continue reading Hackers fire off hoax email messages from FBI account after exploiting misconfigured server

Storage systems vulnerabilities: Act now to avoid disasters

Continuity issued a research report which provided an analysis of the vulnerabilities and misconfigurations of enterprise storage systems. The findings revealed that storage systems have a significantly weaker security posture than the other two layers… Continue reading Storage systems vulnerabilities: Act now to avoid disasters

Microsoft Power Apps data exposure: Prioritizing sensitive data with secure configuration settings

Security misconfigurations are one of the most common gaps hackers look to exploit. One bad configuration setting in a popular cloud platform can have far-reaching consequences, allowing threat actors to access an abundance of valuable, personal inform… Continue reading Microsoft Power Apps data exposure: Prioritizing sensitive data with secure configuration settings

Securing Kubernetes as it becomes mainstream

In this interview with Help Net Security, Shauli Rozen, CEO at ARMO, talks about securing Kubernetes (K8s) systems, what makes them susceptible to cyberattacks and what should organizations expect when deploying them. As every other platform, Kubernete… Continue reading Securing Kubernetes as it becomes mainstream

9 tips to avoid cloud configuration conundrums

Configuration-related errors continue to result in avoidable losses of customer data and, consequently, their trust and loyalty, as well as revenue. The recent T-Mobile’s breach is reported to be the result of a misconfiguration that made an acce… Continue reading 9 tips to avoid cloud configuration conundrums

Checking for misconfigurations isn’t enough

Misconfiguration errors are often the main focus of security for cloud-native applications, and for good reason. Earlier this year, Hobby Lobby accidentally exposed 136 GB of sensitive data for 300,000 customers. Artwork Archive was recently alerted th… Continue reading Checking for misconfigurations isn’t enough

Can on-prem security experts make the move to the cloud?

As cloud computing grows in popularity across all use cases, cloud workloads have never been more attractive to malicious actors. A recent McAfee report points to a 630 percent increase in attacks aimed at cloud services since January 2020. There are s… Continue reading Can on-prem security experts make the move to the cloud?

Cloud security posture confidence is high, yet most IT pros have experienced a cloud-related breach

OpsCompass announced the results of a report it conducted on cloud security posture and management challenges. The report is based on survey responses from 253 full-time, US-based, IT professionals who develop, and either deploy or manage enterprise cl… Continue reading Cloud security posture confidence is high, yet most IT pros have experienced a cloud-related breach