When I look at IT security I can clearly see how it has changed, being today much more mature now than it’s ever been. Governments are working on policies and legislation forcing companies to prioritize IT security. As a result, the entire bug bounty community has bloomed in a way that I could never imagine, security researchers are now working together with companies to identify and mitigate vulnerabilities in a way that we have never done before.

April Patch Tuesday brings 145 vulnerability fixes from Microsoft — the highest number in 19 months—including CVE-2022-26809, a critical remote code execution (RCE) vulnerability in Windows Remote Procedure Call (RPC) Runtime library that impacts all supported Windows products. Notably, Microsoft also released security updates for Windows 7, an end-of-life product since January 2020, which highlights the severity of CVE-2022-26809.

One of the key tools at the center of social engineering attacks against organizations is phishing. According to the Anti-Phishing Working Group’s latest report, the number of unique phishing websites detected in December 2021 was 316,747, where they have detected between 68,000 and 94,000 attacks per month in early 2020, meaning that phishing attacks have more than tripled from 2020 to 2021.

Cloud access control is a critical part of cloud security strategy. Without granular controls in place, unauthorized users could gain access to your data or even take down your entire cloud infrastructure. Solutions such as Cloud access broker solution (CASB) help you enforce access controls by acting as a layer separating users and cloud service providers.

Agencies of the US Government have issued a joint warning that hackers have revealed their capability to gain full system access to industrial control systems that might help enemy states sabotage critical infrastructure.

This is the second installment in Trustwave’s in-depth tour of our Security Colony platform. For a broad overview of what Security Colony offers please read 5 Ways CISOs Can Leverage the Power of Trustwave Security Colony. Self-evaluation in any area, much less cybersecurity, can be challenging. Is my performance at work strong and consistent? Am I being friendly to my neighbors?

With Egnyte, you can now co-edit files in Microsoft Word, PowerPoint, and Excel—either online or via your desktop. And because these files are stored in Egnyte, you get additional security and governance capabilities so you can collaborate confidently, without having to worry about exposing sensitive data. This post explains how.

Sysdig is pleased to announce that it has achieved Amazon Web Services (AWS) DevOps Competency for development, security, and operations (DevSecOps). This designation highlights the value provided by the Sysdig platform to AWS customers to achieve their DevSecOps goals. As a key partner for the ecosystem, Sysdig collaborates closely with AWS and its customers to enhance the protection of cloud infrastructure and applications against continuously evolving security threats.

Our team has more than a decade of experience in server hardening. We’ll help you determine the right policy to achieve maximum compliance with minimal efforts.

Security professionals involved in the IT and cybersecurity industry for the last 10+ years have most likely come across the terms SIEM and recently SOAR, but there is still much confusion about what the specific use cases and purposes are. So, are these tools the same thing? Do security teams need one, the other, or both within their security operation center (SOC) infrastructure?