RSS_Virtulization

By Daniel Petrillo , Director of Security Strategy, Morphisec Endpoint detection and response (EDR) solutions, and their evolution — extended detection and response (XDR) platforms — are increasingly popular. To underscore that point, the market was valued at $1.81 billion in 2020, according to Mordor Intelligence, and looks to increase to $6.9 billion by 2026 for a CAGR of 25.6% over the next five years. This is huge as more companies start to look into…

iPhones have been compromised by the NSO Group’s Pegasus spyware. Should you be worried? That depends on who you ask. Image: James Martin/CNET The iPhone has always been lauded for its tight security and privacy controls, especially compared with Android devices. But that reputation took a hit this week with the revelation that a spyware program ostensibly used to hack into the phones of criminals and terrorists was abused by certain authoritarian governments to compromise…

When it comes to spotting and defeating today’s advanced cyberattacks, the predominant kill chains used in security products clearly aren’t up to the task. New attacks occur every day, and they are increasingly creative and complex. For example, the SolarWinds hack targeted a user’s email, then used that ID to navigate the company’s network, and then installed malware in the outbound software update server that gave the hackers access to every SolarWinds customer’s network. Kill…

Scoped tokens are here 💪! Scopes give you more fine grained control over what access your tokens have to your content and other public content on Docker Hub!  It’s been a while since we first introduced tokens into Docker Hub (back in 2019!) and we are now excited to say that we have added the ability for accounts on a Pro or Team plan to apply scopes to their Personal Access Tokens (PATs) as a…

  As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s…

We are celebrating two important milestones this month in our partnership with Google Cloud. First, VMware jointly launched Google Cloud VMware Engine with Google Cloud one year ago. Second, I am honored to announce that Google Cloud announced today that VMware has won the “2020 Google Cloud Technology Partner of the Year – Infrastructure Modernization” award, resulting from our collective achievement on Google Cloud VMware Engine. This past year has been an incredible journey it has…

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, APT, Espionage, Ransomware, Targeted Campaigns, DLL Side-Loading, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 – IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending…

Let’s be honest, most companies have either moved or are moving to a continuous integration/continuous delivery (CI/CD) application development model. With the move to this model, the need to integrate security into the process is paramount. Faster code deployments mean less time for code reviews. So, how do you perform a public cloud misconfiguration check for an app you’re deploying through a pipeline? Glad you asked. In this blog, we’ll show how we integrated CloudHealth…

Ransomware knows no borders. An attorney with cybersecurity expertise suggests the only way to stop ransomware is for nations to create a global solution. Image: kaptnali, Getty Images/iStockphoto Ransomware has grown beyond a cybersecurity threat into a global menace. Fredric Bellamy, an attorney at Dickinson Wright with experience in intellectual-property litigation as well as data privacy and cybersecurity law, believes it is time to instigate international laws authorizing nations to enforce authoritarian responses in order…