RSS_Virtulization

The Centennial State has unanimously passed a new data privacy act to safeguard Coloradoans’ personal information. On June 8, the state Senate approved the Colorado Privacy Act after a series of revisions were made. The Act is due to take effect on July 1, 2023, and now awaits the signature of state governor Jared Polis.  Should the Act become law, Colorado will follow California and Virginia by enacting comprehensive privacy legislation. The Act gives consumers who reside in Colorado five…

Devices have multiple OSs and firmware running, and most organisations don’t know what they have or if it’s secure. Microsoft will use ReFirm to make it easier to find out without being an expert. ReFirm fits in with Azure services to scan and update IoT devices.  Image: Microsoft As operating systems become more secure, attackers are increasingly shifting their attention to firmware, which is less visible, more fundamental and rarely well protected.  Vulnerabilities in firmware…

Google has proposed a new framework to mitigate the growing risks posed by attacks on the software supply chain. The Supply Chain Levels for Software Artifacts (SLSA, pronounced “salsa”) is designed to ensure the integrity of software artifacts across the entire supply chain. It’s based on Google’s own Binary Authorization for Borg framework, which the tech giant has been using as standard for all its production workloads for over eight years. “The goal of SLSA is…

Infosecurity Europe has announced that it is postponing the live event due to run at London Olympia in July, following the government’s delay in lifting the final COVID-19 restrictions. Infosecurity Europe will instead deliver a virtual exhibition and conference from 13-15 July 2021, the original dates of the event. The in-person event will now be held in 2022. The plan, before government restriction lifting was delayed, was to combine both live and online elements of Infosecurity…

Enterprising cyber-criminals have found a way to create convincing phishing emails which abuse Google Docs and Drive functionality to bypass security filters, according to Avanan. Researchers at the email security vendor claimed this is the first time such techniques have been used to piggyback on a popular service like Google’s. The email that victims receive contains what appears to be a legitimate Google Docs link, Avanan explained in a blog post. Clicking through takes the user to…

One of the world’s largest cruise ship operators has disclosed a data breach from mid-March, impacting an unspecified number of customers, employees, and crew. Carnival Corporation runs many of the globe’s leading cruise lines, including P&O, Cunard and Carnival Cruise Line. According to a data breach notification letter sent to customers and seen by Infosecurity, the firm detected unauthorized third-party access to a “limited number” of email accounts on March 19. “The impacted information includes data routinely…

The Cloud Permissions Gap exposes organizations to highly exploitable risk combined with the inability to implement and manage Zero Trust policies. By Raj Mallempati, CloudKnox Security COO In 2020, when organizations were prioritizing digital transformation so they could pivot to remote work on an unprecedented scale, Gartner added a new category to its 2020 Hype Cycle for Identity and Access Management Technologies called Cloud Infrastructure Entitlement Management (CIEM). CIEM? Looks a lot like SIEM. CIEM…