Cloud

Share Your Cloud Risk Management Assessment Plan with the Board

Posted on by Admin
Share Your Cloud Risk Management Assessment Plan with the Board

Quantifying and qualifying cyber risk is a longstanding challenge for CISOs. It was already a challenge for on-premise infrastructure when you knew what assets you had and where all the data lived. Cloud migration raises the bar, making it even more challenging to pinpoint cyber risk with a growing digital attack surface composed of distributed infrastructure and independently managed cloud resources used across the company. To help empower CISOs to more succinctly present their cloud…

Read More

Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware

Posted on by Admin
Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware

Lateral movement to machines in the network After the initial infection with Cobalt Strike, we observed that the threat actor dropped node.exe, which is a stowaway proxy tool that is publicly available on Github. The tool is written in the GO language and can provide many capabilities to threat actors: remote shell execution, upload/downloading files, and more. In this case, the tool is used to provide a reverse shell to threat actors on IP: 45[.]32.108.54…

Read More

Trend Micro CEO Discusses Need for a Unified Cybersecurity Platform

Posted on by Admin
Trend Micro CEO Discusses Need for a Unified Cybersecurity Platform

Trend Micro CEO Discusses Need for a Unified Cybersecurity Platform Risk Management In the face of evolving cyberattacks, an ever-expanding digital attack surface, and a global skills shortage, organizations need a more unified approach to managing cyber risk. Trend Micro co-founder & CEO Eva Chen discusses our vision and strategy for delivering a unified cybersecurity platform. By: Trend Micro June 23, 2022 Read time:  ( words) Undoubtedly, COVID-19 has been a big accelerant for digital…

Read More

Why It’s Time to Map the Digital Attack Surface

Posted on by Admin
Why It’s Time to Map the Digital Attack Surface

Around a year ago a cyberattack on a little-known US oil pipeline thrust ransomware into the media spotlight and grabbed the attention of the White House. The ensuing months saw a flurry of government efforts designed to improve the security posture of global organizations, with cyber risk management planted firmly front-and-center of recommended best practices. The cybercriminals responsible for breaching Colonial Pipeline may have unintentionally done a great deal of good for the security community….

Read More

Managing Cyber Risk: The People Element

Posted on by Admin
Managing Cyber Risk: The People Element

Blink and it seems a new ransomware group has taken an enterprise hostage. With ransomware and other cyber threats evolving and the attack surface constantly expanding, CISOs and security leaders are acutely aware of the need to minimize risk across people, processes, and technology. Trend Micro’s Jon Clay, VP of threat intelligence and Ed Cabrera, chief cybersecurity officer, discuss the importance of addressing the people element of security to minimize cyber risk. Top infrastructure risk:…

Read More

The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters

Posted on by Admin
The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters

The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters Cloud While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals. By: Magno Logan May 24, 2022 Read time:  ( words) While researching cloud-native tools and how they can reveal information about a system or an organization, we came across some data sets from Shodan concerning Kubernetes clusters (aka…

Read More

Benefits of Cyber Attribution for Better Cyber Risk Management

Posted on by Admin
Benefits of Cyber Attribution for Better Cyber Risk Management

What does cyber attribution really mean? Is it just pointing a finger at the bad guy? This article explores the meaning of cyber attribution, the benefits, and how to leverage security tools to help your attribution efforts. What is cyber attribution? Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other hacking exploit, which enables organizations to gain a complete picture of an attack and enhance their cybersecurity strategy…

Read More

One Vision & Platform – Enterprise Protection Evolved

Posted on by Admin
One Vision & Platform – Enterprise Protection Evolved

The world moves fast sometimes. Just two years ago, organizations were talking vaguely about the need to transform digitally, and ransomware began to make headlines outside the IT media circle. Fast forward to 2022, and threat actors have held oil pipelines and critical food supply chains hostage, while many organizations have passed a digital tipping point that will leave them forever changed. Against this backdrop, CISOs are increasingly aware of running disjointed point products’ cost,…

Read More

Cloud Cyber Risk Assessment – Sandstone CTO Weighs-in

Posted on by Admin
Cloud Cyber Risk Assessment – Sandstone CTO Weighs-in

Cloud complexity Sandstone, a FinTech organization that primarily offers digital banking solutions and products, decided to go fully cloud-native in 2018 to accelerate business innovation. While the shift from on-premises to the cloud provided several operational benefits, securing a perimeter-less environment where new assets could be spun up whenever, wherever presented a new challenge for Pinnamanemi and his team. Cattle vs. pets Pinnamanemi uses the “cattle vs. pets” analogy to describe the difference of asset…

Read More

Cloud-Native App Security Platform

Posted on by Admin
Cloud-Native App Security Platform

The cloud is driving transformative benefits for global organizations. But in rushing their applications and infrastructure into new computing environments, they’re also exposing business-critical data to new risks. There are now more ways for the bad guys to steal data, deploy malware, hijack resources, and hold them to ransom. The complexity of hybrid and multi-cloud environments and the need to coordinate across multiple stakeholder groups further compound these challenges. The answer is a simple, flexible,…

Read More
1 10 11 12 13 14 19