In a recent report by cloud security firm Wiz, it has come to light that Microsoft's AI research division inadvertently exposed a staggering 38 terabytes of sensitive data due to a misconfiguration involving Shared Access Signature (SAS) tokens. The incident, which began in July 2020 and remained undetected for almost three years, originated from Microsoft's attempt to share open-source code and AI models for image recognition via a GitHub repository. Users were directed to download these models from an Azure Storage URL; however, the misconfigured URL granted unauthorized access to the entire ..read more

CyCognito has released its semi-annual State of External Exposure Management Report, revealing a staggering number of vulnerable public cloud, mobile, and web applications exposing sensitive data, including unsecured APIs and personally identifiable information (PII). Developed by CyCognito's research division, the report is based on analysis of 3.5 million assets across its enterprise customer base, including a number of Fortune 500 companies. Key findings from the CyCognito research include: 74 percent of assets with PII are vulnerable to at least one known major exploit, and one in 10 have ..read more

The accelerated adoption of cloud computing over the past decade has unlocked new levels of business agility, scalability, and cost efficiency. However, security has struggled to keep up with the rapid pace of cloud innovation. Misconfigurations, vulnerable services, advanced malware, and sheer scale have opened cracks in cloud security. A new report from Qualys highlights critical security issues organizations face as they adopt cloud computing models. The 2023 Qualys TotalCloud Security Insights report provides data-backed insights into top vulnerabilities, ongoing threats, and remediation c ..read more

A recent report from cybersecurity firm SentinelOne sheds light on a concerning trend in the cyber threat landscape: the expansion of a cloud credential stealing campaign targeting Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). This development underscores the increasing value of cloud service credentials to threat actors and emphasizes the need for organizations to prioritize their cloud security strategies. As cloud services have become more prevalent, cybercriminals have adapted their tactics to exploit the wealth of data stored in these platforms. The report ..read more

Apple has announced several new advanced security features that will provide users with important tools to protect their most sensitive data and communications. These features include iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud. One of the most exciting new security features is iMessage Contact Key Verification. This feature allows users to verify the identity of a contact before sharing sensitive information or engaging in secure communications. Here's an example screenshot from an iMessage conversation of what it will look like: Appl ..read more

In cybersecurity, threats are like mosquitoes on a humid August evening: as soon as you knock one out, another one is already biting at your neck. For end-users, threat intelligence is key to improving the configuration of environments and defenses. Which is something Google is hoping to help make easier with its new Threat Horizons report. The report was published by Google's Cybersecurity Action Team and is based on observations from its Threat Analysis Group (TAG) and other internal teams. Google's stated goal is to provide "actionable intelligence that enables organizations to ensure their ..read more

As painful and difficult as it may be for some to reflect on the pandemic, there are quite a few lessons we have all learned in the last two years.  One lesson that many in the cybersecurity world might have missed is that there are some similarities between the pandemic and how you can approach security, as strange as that may sound. Mike Lloyd, the Chief Technology Officer at RedSeal and longtime SecureWorld speaker, believes we can take lessons learned from the pandemic and apply them to complex cybersecurity issues. As an academic, Lloyd studied epidemiology and was modeling how disea ..read more

Organizations can spend tens of thousands of dollars, and more, on privileged access management. But are they achieving the full return on investment from their PAM purchases? Here are five reasons why PAM doesn't realize the ROI it should. 1. Product implementation  PAM product implementation often becomes stalled. Buying PAM software is not an investment, nor is it an asset. Without proper implementation, it can actually be a liability. It creates the illusion of security, which is far more dangerous than the fear of a security deficiency. Without follow-through after purchasing PAM sof ..read more

As the U.S. government begins a wide range of cybersecurity initiatives to bolster the country's defense against cyberattacks, hefty contracts are being handed out to top security companies. Just this week, the National Security Administration (NSA) has awarded a secret cloud computing contract to Amazon Web Services (AWS), estimated to be worth up to $10 billion. However, one of AWS' biggest competitors did not take kindly to this motion by the NSA. Microsoft filed a bid protest with the Government Accountability Office (GAO) on July 21, hoping to reverse the contract—or at least get a slice ..read more

Managing your hybrid infrastructure can be an overwhelming, complex task.  From gaining visibility, to finding security blind spots, to enabling zero trust, the challenges can seem endless. Its almost like there should be some kind of playbook that maps out how to manage your infrastructure and overcome these hurdles. Well, SecureWorld and Gigamon recently partnered together to provide security professionals with exactly this. An eSummit (virtual conference) titled Secure and Scale Your Hybrid Infrastructure: Playbook for Analysts & CISOs. Gigamon hybrid infrastructure eSummit The eSu ..read more