More than a third of companies that use serverless functions are not employing any application security best practices and are not using any tools or standard security methodologies to secure them.
Ever since authentication and authorization became the norm for access to computer systems, the principle of least privilege (POLP) has been the de facto baseline for proper security. At its very core, least privilege access means granting a user just enough permissions (authorization) to access the data and systems in their company’s enterprise that are necessary to do their job – nothing more, nothing less. In theory, adhering to the POLP sounds like the perfect identity and access management strategy, but often implementing least privilege is easier said than done.
Identity management-as-a-service (IDaaS) products are popular these days because they have capabilities that help address many of the common challenges related to identity and access management (IAM) across the hybrid enterprise.
By The Recorded Future Team on June 27, 2018
- Threat intelligence is widely imagined to be the domain of elite analysts. In reality, it adds value across the security function for organizations of all sizes.
- Security teams are routinely unable to process the alerts they receive. Threat intelligence integrates with existing technologies to enable the automated prioritization of serious threats and removal of false positives.
- Vulnerability management teams cannot accurately prioritize the most important vulnerabilities without access to the external insights and context provided by threat intelligence.
- Preventative security measures are dependent on an understanding of the current threat landscape. Threat intelligence harvests key insights on threat actors, TTPs, and more from across technical, open web, and dark web sources.
It’s safe to say that threat intelligence is widely misunderstood.
Social SafeGuard, a U.S. startup founded in 2014 that sells security services to enterprises aimed at mitigating a range of digital risks that lie outside the corporate firewall, has closed an $11 million Series B funding round from AllegisCyber and NightDragon Security.
In light of the recent move by Verizon to stop sharing location data with third parties, companies need to rethink strategies for data gathering from users.
Although it’s quickly fading in the rearview mirror, the April 2018 RSA Conference underscored growing interest in a more disciplined style of cyber risk management that mirrors traditional business risk management.
Consumers today are becoming increasingly concerned about data security and privacy as a result of the countless breaches that have made news headlines over the past few years. The need for establishing digital trust is on the rise.
Twitter has given millions of users a way of making their accounts even harder to hack, with the introduction of support for physical keys.
The rapid pace of technology innovation and applications in recent decades — you could argue that just about every kind of business is a “tech” business these days — has spawned a sea of tech startups and larger businesses that are focused on serving that market, and equally demanding consumers, on a daily basis. Today, a venture capital firm in the UK is announcing a fund aimed at helping to grow the technologies that will underpin a lot of those daily applications.
Security breaches are a disaster for corporate companies, but good news if you’re someone who offers preventative solutions. Today in 2018, wide-ranging attacks on the likes of Equifax, Sony Pictures and Target have only added value to those charged with safeguarding companies.
Twitter has announced a range of actions intended to bolster efforts to fight spam and “malicious automation” (aka bad bots) on its platform — including increased security measures around account verification and sign-up; running a historical audit to catch spammers who signed up when its systems were more lax; and taking a more proactive approach to identifying spam activity to reduce its ability to make an impact.
Last fall, energy companies in several countries, including Germany and the United States, found out via a cybersecurity report from Symantec that hackers had figured out a way to breach their infrastructures.
New Zealand-based fuel supplier Z Energy Ltd on Wednesday said it has been presented with evidence that customer data from its Z Card Online database was accessed by a third party in November 2017. The database held customer data such as names, addresses, registration numbers, vehicle types and credit limits with the company, Z Energy said in a statement. The data accessed did not include bank details, PIN numbers or information that would put customer finances directly at risk, it said. Z Energy did not specify the extent to which its customer data had been compromised.
About 65% of surveyed current and former attendees at the annual Black Hat USA security conference say they’re limiting their use of Facebook or not using it at all after the recent controversies over the company’s security practices, Black Hat reports. The organization has surveyed its attendees on security matters annually since 2015, and the majority of those surveyed reported working in a computer security profession. This year’s survey generally found attendees pessimistic about the outlook for privacy and security.
Ransomware is not an unfamiliar threat. For the last few years it has been affecting the world of cybersecurity, infecting and blocking access to various devices or files and requiring users to pay a ransom (usually in Bitcoins or another widely used e-currency), if they want to regain access to their files and devices.
UST Global is a multinational digital and tech services firm, but it is not your average unicorn.
On the back of what was a fantastic first round of questioning with insightful responses from leading figures in the IT security industry, the CISO Chat segment on the IT Security Guru has returned for the second round of questioning. We have caught up with a host of CISOs and senior security experts to get their thoughts and ideas on the 2018 cyber landscape and will include advice, guidance & problems faced. We will leave the favourite food and hobby questions for another time.
A growing cadre of federal IT leaders recognize that fortifying their defenses is no longer enough to protect their agencies amid the rising tide of cyberthreats.
An anonymous reader quotes a report from NPR: The city of Orlando, Fla., says it has ended a pilot program in which its police force used Amazon’s real-time facial recognition — a system called “Rekognition” that had triggered complaints from rights and privacy groups when its use was revealed earlier this year. Orlando’s deal to open part of its camera systems to Amazon was reported by NPR’s Martin Kaste in May, after the ACLU noticed that an Amazon Rekognition executive mentioned the city as a customer.
On Monday, the ACLU of Florida wrote a letter to Mayor Buddy Dyer and the Orlando City Council, demanding that the city “immediately” shut down “any face surveillance deployment or use by city agencies and departments.” On the same day, Orlando city and police officials issued a joint statement saying that the test of how its officers might use the Rekognition technology ended last week. The city added, “Staff continues to discuss and evaluate whether to recommend continuation of the pilot at a further date,” adding that “the contract with Amazon remains expired.”