‍After unearthing evidence as early as May 2024, cloud computing–company Snowflake released an official statement on June 2, reporting that they were investigating a series of targeted cyber events. A week later, Google's Mandiant, who, alongside Crowdstrike, is aiding Snowflake in this investigation, concluded that clients had been attacked after malicious actors had gotten access to compromised credentials.

In a recent security disclosure, Microsoft has warned more of its clients that Russian hackers have accessed emails exchanged between them and the company. This breach, attributed to the notorious "Midnight Blizzard" hacking group, has raised significant concerns about the security of communications with Microsoft.

In today's digital landscape, where data is the lifeblood of any business, securing and protecting hypervisor environments is paramount. Hypervisors, such as OpenShift Virtualization and Proxmox VE, play a critical role in virtualized environments. The threat landscape constantly evolves, with cyberattacks becoming more sophisticated and data breaches rising.

Innovation rarely starts with acknowledging the restrictions. It’s only after you’ve fleshed out the practical concepts that you begin to understand how they can align with the predefined boundaries, ensuring that your final product is both useful and compliant. This dynamic process encourages a more organic pathway to discovery, leading to solutions that are not only innovative but also viable within the given constraints.

In the last decade, outsourcing to third parties–especially in the gig economy–has taken over key functions that enterprises used to handle internally. Today’s companies are frequently virtual–using third-party services that span the likes of application development, back-office corporate functions, contract manufacturing and research, marketing, and core IT services.

Comprehending and effectively addressing cybersecurity threats is paramount to organizational security. As artificial intelligence continues to evolve, how companies respond to cybersecurity threats and how they take proactive steps to mitigate them will factor heavily into profitability, reputation and long-term success.

On July 1, 2024, OpenSSH released fixes for CVE-2024-6387, a vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems allowing for potential Remote Code Execution (RCE). OpenSSH is a widely-used suite of secure networking tools based on the SSH protocol, providing encryption for secure communication and file transfers, and is essential for remote management on Unix systems. CVE-2024-6387 is a signal handler race condition that allows unauthenticated Remote Code Execution (RCE) as root.

Since its mainstream emergence in 2022, generative AI has triggered a seismic shift in data management and security. It is estimated that one in four employees now uses genAI apps daily, often unbeknownst to their employer and IT team. This raises concerns, as genAI is designed with a voracious appetite for consuming both mundane and sensitive data. Effectively securing your data as genAI becomes prevalent is a strategic imperative.

Some examples of social engineering attacks include phishing, pretexting, scareware, baiting, vishing, smishing and CEO fraud. If you are unsure what qualifies as social engineering, imagine how many ways someone can manipulate you to reveal private information. Threat actors use these psychological techniques, both in person and online, to gain access to your personal or organizational information. These bad actors can install malware on your device, steal your information and even take your identity.

The CISO of a major insurance company recently switched from Microsoft to CrowdStrike for endpoint and identity security following a ransomware incident that Microsoft Defender failed to block. The following Q&A explains what happened, the fallout with Microsoft and how CrowdStrike delivered the protection, consolidation and support the CISO needed. Describe your security posture before the incident. I joined the company as CISO a few years ago.