At AWS Re:Invent 2021 in the keynote address, AWS CTO Werner Vogels, invested a significant chunk of time in zooming in on the Identity and Access Management (IAM) of what he called the Everywhere Cloud. He emphasized that while often being underestimated or overlooked - IAM, remains a critical aspect of our overall security posture. ‍ ‍

Cybersecurity professionals possess many tools to reduce risk. However, it is no accident in a field so concerned with technology that technological tools are often prioritized over others: as the Law of Instrument says, “if the only tool you have is a hammer, it is tempting to treat everything as if it were a nail.” Therefore, cybersecurity professionals should not neglect the other tools, such as awareness and training.

CloudCasa by Catalogic can be installed on Azure Kubernetes Service (AKS) clusters using Ubuntu and perform migrations to Azure Linux as the host operating system. The Azure Linux container host for AKS is a lightweight, secure, and reliable OS platform optimized for performance on Azure.

In a groundbreaking move, Google has introduced Gemma, a new open-source AI model that aims to revolutionize AI application development for developers. Developed using the cutting-edge technology underpinning Google's Gemini AI models, Gemma is set to provide developers with advanced tools to create AI applications conscientiously and efficiently.

The next 12 months have the potential to reshape the global political landscape with elections occurring in more than 80 nations, in 2024, while new technologies, such as AI, capture our imagination and pose new security challenges. Against this backdrop, the role of CISOs has never been more important. Grant Bourzikas, Cloudflare’s Chief Security Officer, shared his views on what the biggest challenges currently facing the security industry are in the Security Week opening blog.

Local governments in the United States faced a surge in cyber threats during the latter half of 2023, with over 160 cybersecurity incidents impacting the State, Local, and Education (SLED) sectors. Alarming statistics reveal that many of these incidents were ransomware attacks (45%) and data breaches (37%). As custodians of vast amounts of personal and private information, local governments are entrusted with safeguarding sensitive data against evolving cyber threats.

Two critical vulnerabilities have been discovered and patched in TeamCity, a build management and continuous integration server from JetBrains. These vulnerabilities are being tracked as CVE-2024-27198 and CVE-2024-27199 and impact all TeamCity On-Premises versions through 2023.11.3. They are reportedly being actively exploited as of March 6, 2024, with a fix is available in version 2023.11.4, which was released Monday, March 4.

On March 3, 2024, JetBrains published a blog post describing two authentication bypass vulnerabilities affecting the On-Premises Servers of TeamCity. An unauthenticated threat actor with HTTP(S) access to a TeamCity Server can exploit these vulnerabilities to bypass authentication and gain administrative control of a TeamCity Server. CVE-2024-27198 (CVSS 9.8): Alternative path issue in the web component of TeamCity that can lead to remote code execution (RCE). CVE-2024-27199 (CVSS 7.3)

On March 1, 2024, SolarWinds published a security advisory reporting that SolarWinds Security Event Manager (SEM) is vulnerable to a high severity vulnerability that allows an unauthenticated threat actor to achieve remote code execution (RCE), CVE-2024-0692. The vulnerability lies in the configuration of the AMF deserialization endpoints. Exploitation can occur due to insufficient validation of user-provided data, allowing untrusted data to be deserialized.

Legacy data leak prevention (DLP) solutions are failing. Simply put, they weren’t built for business environments rooted in SaaS apps and generative AI (GenAI) tools. Meanwhile, security threats are evolving at a breakneck pace, with as many as 95% of enterprises experiencing multiple breaches a year. New attack surfaces are unfurling at a rapid rate following the switch to hybrid and cloud-based workspaces.