Cloud Complexity Requires a Unified Approach to Assessing Risk

There has been an unprecedented acceleration in the shift to the cloud as a result of the COVID-19 pandemic. McKinsey experts estimate companies have moved to the cloud “24 times faster ... than they thought” over the past two years. As organizations move quickly to scale, drive innovation, and...

CMC Electronics EFB breakout vulnerability

We’ve been finding vulnerabilities in electronic flight bags for a few years now. Disclosure response from the vendors involved has varied from excellent to radio silence. In every case we have tried extremely hard to engage with the vendors involved, even where we were ignored. We asked friendly...

Key Takeaways from the Linux Threat Report

As the popularity of Linux continues to increase, so does its attack surface. This brings to light a pressing question for organizations: who is responsible for the security of all the Linux instances running your cloud environment?...

CVE-2020-13091

pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the readpickle function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the readpickle function is documented as unsafe and it is the user's responsibility to use...

Cloud Transformation and the Shared Security Model

For many organizations, the lure of the cloud is very strong. Large enterprises usually have several justifications for adopting cloud-based services including preserving capital, adding scalability to applications, and minimizing IT staffing needs. Small- to medium-sized organizations often look...

Intimate Details on Healthcare Workers Exposed as Cloud Security Lags

Yet another non-password protected cloud database has come to light, this time exposing a raft of highly personal information on healthcare workers and traveling nurses – including drug tests and arrest records. The incident showcases the unfortunate reality that cloud data security remains a...

Gain Visibility and Continuous Security Across All Your Public Clouds

As organizations increase their use of public cloud platforms, they encounter cloud-specific security and compliance threats, which can be challenging to address without the right tools and processes. Organizations’ cloud security difficulties lie in two main areas: Lack of visibility into their...

How to Secure Public Clouds while Boosting Digital Transformation

It’s happening all over the business world. Organizations of all sizes and in all industries are aggressively deploying innovative products to new online consumer channels, digitizing their core services and transitioning core business workloads to public clouds as part of digital transformation...

Under the hood of recent DDoS Attack on U.S. Banks

Incapsula security study reveals how a simple neglect in managing the administrative password of a small UK site was quickly exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks. If you've been following the news, you are probably awar...

5) Duh. Patch.

Much as we like to blame cybercriminals or unscrupulous merchants, much of the responsibility for security is in our hands. In particular: we’re responsible for the security of our computers and mobile devices. That’s especially true when we’re planning to use those systems to go shopping online,...