Security is more important than ever. Cybersecurity has been a problem from the start of IT and it will be till the end. It all started with endpoint and network security, but today, we are also facing with cloudsecurity and managing employees to incorporate good security practices.
All these new technologies that help us innovate also helps cybercriminals and state sponsored hackers to get new tools they can use to get access to our systems, and in a worst case scenario, access to our most valuable data and business secrets. Also, with new legislation in place like GDPR, you need to make sure everything is secure, otherwise you just don’t lose your reputation, but you can also be fined by the government. Protecting IT-environments is more important than ever.
Your first line of defense is usually endpoint protection. The devices your employees work with need to be protected against ransomware and other malware which can bring lots and lots of trouble. This nowadays the most basic form of protection and many of the bigger vendors and suites can help you achieve this.
Network security is a bit more advanced, where you can manage which traffic goes across your network. You can also connect different networks together with e.g. SD-WAN. So, you can run protection software and share data between multiple locations. The trend we see in network protection on the datacenter side is to lock down the traffic by only allowing known, benevolent traffic sources. Regarding office networking, we see new initiatives like ZScaler coming up, where you tunnel all your staff over the network of ZScaler so they can analyse the traffic and block patterns that they marked as malicious. Especially for companies with employees that travel a lot, this is a smart solution.
Many thought that bringing workloads to the cloud would reduce their responsibility of doing security. It is now clear that this is not the case. Most cloud vendors practice the “shared responsibility” approach. This means that big hyperscalers can offer a first line of defense against well known threats and port scanners. For the more sophisticated attacks that are directly pointed at your servers, you need to have your protection in place.
The recently released Log4j update for Microsoft 365 Defender generated a stream of false notifications. Microsoft has since fixed the problem. This week, Microsoft released an update for Microsoft 365 Defender to address the notorious chain of Log4j vulnerabilities. Unexpectedly, the update gen... Read more
2 years ago
The ransomware gang appears to have called their victims' bluff and published files in retaliation for non-payment. The Vice Society ransomware gang has claimed responsibility for an attack on a U.K. Spar wholesaler earlier this month and is being linked to an attack on a Norwegian media company... Read more
2 years ago
Aquatic Panda, a China-based hacking collective, directly exploited the Log4j vulnerability to attack an undisclosed academic institution. The attack was discovered and parried by CrowdStrike's Overwatch threat-hunting specialists. According to CrowdStrike, China-based hackers launched an attack... Read more
2 years ago
Further investigation into possible hacks of LastPass accounts via so-called 'credential stuffing' reveals that LastPass has previously concluded incorrectly. LastPass's systems falsely generated security alerts that were believed to indicate hacking attempts. The fuss surrounding possible LastP... Read more
2 years ago
Microsoft updated several Defender solutions to defend users against exploits of Log4j. Among other things, the updates allow companies to identify and resolve Log4j vulnerabilities faster. Specifically, Defender for Containers and Microsoft 365 Defender solutions underwent a change. Among other... Read more
2 years ago
Password manager LastPass is under fire. In recent days, hackers made several attempts to break into the password vaults of LastPass users. According to the password manager, credential stuffing is at the base of the attacks. Users of LastPass reported break-in attempts into the digital safes de... Read more
2 years ago
Another vulnerability was discovered in Log4j. Accordingly, the Apache Foundation released a patch. Version Log4j 2.17.1 fixes a newfound method for remote code execution. The vulnerability was found in version 2.17.0 and named CVE-2021-44832. Authorization to modify the configuration file allow... Read more
2 years ago
Security will continue to be one of the most important concerns for companies in 2022. According to Neustar International Security Council (NISC), companies' security budgets will further increase in the coming year. NISC, a research department of security and analytics specialist Neustar, says ... Read more
2 years ago
The Biden administration is investing in open-source software security. Bloomberg reports that several open-source software providers and developers were invited to a governmental meeting in mid-January 2021. According to Bloomberg, U.S. National Security Advisor Jake Sullivan has invited key te... Read more
2 years ago
Security specialist Snyk is considering going public next year, Bloomberg reports. The IPO should generate more than the current company value of 7.6 billion euros (8.6 billion dollars). According to Bloomberg, the security specialist is currently in negotiations with banks concerning the IPO. T... Read more
2 years ago
