Security is more important than ever. Cybersecurity has been a problem from the start of IT and it will be till the end. It all started with endpoint and network security, but today, we are also facing with cloudsecurity and managing employees to incorporate good security practices.
All these new technologies that help us innovate also helps cybercriminals and state sponsored hackers to get new tools they can use to get access to our systems, and in a worst case scenario, access to our most valuable data and business secrets. Also, with new legislation in place like GDPR, you need to make sure everything is secure, otherwise you just don’t lose your reputation, but you can also be fined by the government. Protecting IT-environments is more important than ever.
Your first line of defense is usually endpoint protection. The devices your employees work with need to be protected against ransomware and other malware which can bring lots and lots of trouble. This nowadays the most basic form of protection and many of the bigger vendors and suites can help you achieve this.
Network security is a bit more advanced, where you can manage which traffic goes across your network. You can also connect different networks together with e.g. SD-WAN. So, you can run protection software and share data between multiple locations. The trend we see in network protection on the datacenter side is to lock down the traffic by only allowing known, benevolent traffic sources. Regarding office networking, we see new initiatives like ZScaler coming up, where you tunnel all your staff over the network of ZScaler so they can analyse the traffic and block patterns that they marked as malicious. Especially for companies with employees that travel a lot, this is a smart solution.
Many thought that bringing workloads to the cloud would reduce their responsibility of doing security. It is now clear that this is not the case. Most cloud vendors practice the “shared responsibility” approach. This means that big hyperscalers can offer a first line of defense against well known threats and port scanners. For the more sophisticated attacks that are directly pointed at your servers, you need to have your protection in place.
The Bitish Army's Twitter and YouTube accounts have been advertizing NFTs over the weekend. The cybersecurity of the British Army was questioned by experts after its social media accounts were compromised on Sunday, according to a report in ITPro. The British Army’s Twitter and YouTube acc... Read more
2 years ago
An employee of bug bounty platform HackerOne copied the work of hackers to get paid by companies. Internal threats are a tricky issue for security providers. HackerOne was founded in 2012. The organization develops a bug bounty platform. Companies sign up and pay hackers to find vulnerabilities... Read more
2 years ago
A new generation of Android scamware employs several tricks to register users to costly services. According to Microsoft, Android malware developers have stepped up their billing fraud games with applications that disable WiFi connections, covertly subscribe individuals to costly wireless servic... Read more
2 years ago
An anonymous user of a hacker forum claims to hold the personal data of 1 billion Chinese citizens. Although proof is lacking, enterprises are upping their security measures. The user goes by the forum name of 'ChinaDan'. In a recent post, the user offered 23 terabytes of data for 10 bitcoin (ap... Read more
2 years ago
Microsoft is allowing Azure Active Directory (Azure AD) administrators to generate time-limited credentials. These credentials can be used for passwordless authentication and restoring accounts after losing credentials or FIDO2 keys. The Temporary Access Pass (TAP) functionality can be used for ... Read more
2 years ago
Google blocked over thirty malicious domains connected to cybercriminal groups in Russia, UAE and India. The domains actively targeted AWS, Gmail and many other personal accounts to perform corporate espionage against organizations and human activists. According to the threat analysis group a... Read more
2 years ago
Kaspersky researchers discovered a new malware variant that attacks Microsoft Exchange servers. 'SessionManager' installs a backdoor on affected systems. According to the researchers, mitigation is a difficult process. Kaspersky notes that SessionManager has been active for 15 months. Some 34 s... Read more
2 years ago
Alert Center will inform administrators of sensitive and critical changes to configurations of Google Workspace. Previously known as G Suite, Google Workspace has been upgraded to inform administrator of sensitive alterations to accounts. The new alerts are accessible to all Google Workspace use... Read more
2 years ago
Microsoft patched a serious vulnerability in Service Fabric. The threat was discovered by security specialists from Unit42 of Palo Alto Networks. The vulnerability ('FabricScape') allows attacks on all services and applications that Service Fabric supports. These include Azure Service Fabric, Az... Read more
2 years ago
In light of recent attacks against cloud-based users, Google added new capabilities to Cloud Armor. In a recent blog post, Google stated that modern cyberattacks use increasingly comprehensive techniques like volumetric floods, bot-based attacks, API abuse and DDoS attacks. Google Cloud Armor... Read more
2 years ago
