RSS_Virtulization

It’s often said that cybersecurity is hard. Anyone who has ever worked their way through the SANS Critical Controls, PCI-DSS or even something deceptively minimalist as the OWASP Top 10 knows that success in achieving these security initiatives requires time-consuming, diligent and often a multi-team effort. Now imagine amplifying that responsibility over a power plant that extends over a broad geographic region, and you start to get an idea of the challenge that awaits you….

Experian API Exposed Credit Scores of Most Americans could have been accessed due to a weakness with a partner website. Experian API exposed credit scores of tens of millions of Americans due to a weakness with a partner website. Anyone was able to look up the credit score of tens of millions of Americans just by providing their name and mailing address. The issue was reported to KrebsOnSecurity by the independent security researcher Bill Demirkapi,…

Companies are accelerating their use of the cloud, but should slow down and make sure security is built in from the beginning. TechRepublic’s Karen Roby spoke with Ron Bennatan, general manager for data security at Imperva, a cybersecurity company, about cybersecurity in the cloud. The following is an edited transcript of their conversation. SEE: Research: Video conferencing tools and cloud-based solutions dominate digital workspaces; VPN and VDI less popular with SMBs (TechRepublic Premium) Ron Bennatan:…

Cloud adoption is accelerating, but cloud security might be an issue Length: 6:56 | May 4, 2021 The problem is not the cloud, one expert said. It’s the speed at which companies are moving items to the cloud without considering security controls. Source link

McAfee is tracking an increase in the use of deceptive popups that mislead some users into taking action, while annoying many others.  A significant portion is attributed to browser-based push notifications, and while there are a couple of simple steps users can take to prevent and remediate the situation, there is also some confusion about how these should be handled. How does this happen? In many cases scammers use deception to trick users into Allowing…

A fraudulent website impersonating a biotechnology company to allegedly steal data has been seized by the United States Attorney’s Office for the District of Maryland. “Freevaccinecovax.org” purported to be the domain name of a company that was developing a vaccine for COVID-19. However, the site was allegedly set up to collect the personal information of visitors and use it for nefarious purposes. According to the affidavit filed in support of the seizure, the apparently fraudulent website “freevaccinecovax.org”…

The South African arm of fitness group Virgin Active has been targeted by “sophisticated cyber-criminals.” The company took all its computer systems offline after being targeted by cyber-criminals on Thursday. Late on Friday, Virgin Active warned clients of the attack by posting a message on its website. “Virgin Active South Africa became aware of a cyberattack yesterday and our security teams immediately started working with cybersecurity experts to carefully contain, manage and investigate the cyber…

The Docker community spans the four corners of the world. To celebrate the global nature of our community at DockerCon this year, we’ve created something new: Community Rooms. Building on the learnings of our “regional rooms experiment” during our last Community All-Hands, Community Rooms are virtual spaces that DockerCon attendees will be able to join to discuss, share and learn about Docker in their own language and/or around a specific topic area.  100% LIVE The…

Remote access is becoming an organization’s weakest attack surface, according to new research published today by the Ponemon Institute and third-party remote access provider SecureLink. The new report, titled “A Crisis in Third-party Remote Access Security,” reveals a disparity between an organization’s perceived third-party access security threat and the protective measures it puts in place.  Researchers found that organizations are exposing their networks to non-compliance and security risks by not taking action to reduce third-party access risk.  Nearly half (44%) of…