Author: Admin

The 14 Cloud Security Principles explained – IT Governance UK Blog

Posted on by Admin
The 14 Cloud Security Principles explained – IT Governance UK Blog

Cloud security is an essential part of today’s cyber security landscape. With hybrid working now the norm, many organisations are relying on Cloud services to access data from home or the office. But whenever organisations adopt technological solutions such as this, they must acknowledge the risks that come with it. Indeed, Cloud computing can increase the risk of data breaches and regulatory non-compliance, as well as introducing other vulnerabilities. To mitigate these risks, the NCSC…

Read More

CIS Control 14: Security Awareness and Skill Training

Posted on by Admin
CIS Control 14: Security Awareness and Skill Training

Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users into unintentionally providing access to the enterprise network or exposing sensitive information. Proper training should be provided to users in order to decrease the risk…

Read More

The Cybersecurity Skills Gap: Myth or Reality? | The State of Security

Posted on by Admin
The Cybersecurity Skills Gap: Myth or Reality? | The State of Security

Take a glance on social media on any given day, and we’ll hear from commentators stating how there is a (cyber) skills gap and that it must be addressed if we are to meet the challenges we are all increasingly facing.  Let’s be clear about something before we continue. If we are saying that there is a skills gap, then there are organizations out there that are ready to hire cybersecurity professionals now. The assumption…

Read More

The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs

Posted on by Admin
The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs

New IoT botnet techniques During the observation period, we noted four new techniques added to threat actors’ arsenals. One is a newly implemented technique in botnet families called Masquerading: Match Legitimate Name or Location (T1036.005). It is a Defense Evasion technique that likely reflect the manufacturers’ increasing interest and efforts in securing these IoT devices or appliances. The technique involves adversaries trying to match the name and location of legitimate and trusted programs to hide…

Read More

Top 10 Azure Cloud Configuration Mistakes

Posted on by Admin
Top 10 Azure Cloud Configuration Mistakes

Top misconfigured rules for Azure services Let’s look at three top misconfigured services for Azure and the Conformity rule for that service with the highest misconfiguration rate. Service: Azure Activity LogRule(s): “Create alert for ‘delete PostgreSQL database’ events” and “create alert for ‘create/update PostgreSQL database’ events” The top misconfigured rules for Azure Activity Log are related to PostgreSQL, a fully managed database-as-a-service platform. “Create alert for ‘delete PostgreSQL database’ events” and “create alert for ‘create/update…

Read More

Android malware infected more than 300,000 devices with banking trojans

Posted on by Admin
Android malware infected more than 300,000 devices with banking trojans

The initial apps in Google Play were safe, but the creators found a way around the Play Store’s protections to install malware on Android users’ devices. Here’s how it happened and how to stay safe. Image: marchmeena29, Getty Images/iStockphoto A November report from ThreatFabric revealed that more than 300,000 Android users unknowingly downloaded malware with banking trojan capabilities, and that it bypassed the Google Play Store restrictions. The cybercriminals developed a method for successfully infecting Android…

Read More

IBM offers one-stop-shop for mainframe hybrid cloud initiatives

Posted on by Admin
IBM offers one-stop-shop for mainframe hybrid cloud initiatives

While cloud companies such as AWS are offering enterprise customers new ways to get applications off the mainframe and into the cloud, IBM moved this week to keep them on the Big Iron. IBM rolled out a portal  it calls the IBM Z and Cloud Modernization Center which offers an assortment of tools, training, resources and ecosystem partners to help IBM Z clients accelerate the modernization of mainframe applications, data and processes to work with…

Read More

Gartner: Diversity, equity and inclusion is key to better I&O teams

Posted on by Admin
Gartner: Diversity, equity and inclusion is key to better I&O teams

“Why should an I&O leader care about diversity and inclusion? Why do you need to be involved in this at all? What good will it do you?” The answer to her questions, Debra Logan, a vice president and Gartner fellow told a virtual conference this week, is about building better infrastructure and operations (I&O) teams. “I’m not asking you to have faith,” she said. “I’m not asking you to do it for non-business reasons. I’m…

Read More

AMD: The Phoenix of tech

Posted on by Admin
AMD: The Phoenix of tech

Five years ago, AMD was hanging on by a thread. Sales had dropped below $1 billion per quarter. Its client and server CPUs were no longer competitive with Intel’s. Its Opteron server-CPU market share was less than one percent. Its GPU products were a little better but Nvidia had the mindshare. Then two things happened: Dr. Lisa Su ascended to the CEO position, and it developed the Zen microarchitecture, a clean-sheet, from-scratch redesign of the…

Read More

Prepare to take the CISSP certification exam that can turbocharge your cybersecurity career

Posted on by Admin
Prepare to take the CISSP certification exam that can turbocharge your cybersecurity career

If you are a cybersecurity professional with at least five years of experience, you can take the exam that will boost your career with an elite certification. Here’s a great way to prepare. Image: iStock/LeoWolfert Cybersecurity skills are among the most in-demand in the tech industry, and that isn’t likely to change any time in the near future with good reason. And Certified Information Systems Security Professional (CISSP) is considered one of the most valuable…

Read More
1 3,295 3,296 3,297 3,298 3,299 3,970