The blueprint for a highly effective EASM solution

In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can derive from implementing external attack surface management (EASM) solutions, the essential capabilities an EASM solution should possess, and how it deals with uncovering hidden systems. What are the core capabilities a robust EASM solution should have? Given that […]

Experts demand clarity as they struggle with cloud security prioritization

Cloud Native Application Protection Platforms (CNAPPs) have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively securing multi-cloud environments, according to Cloud Security Alliance. Much of CNAPPs' popularity has been driven by their ability to consolidate the capabilities of the numerous security tools […]

Maintaining consistent security in diverse cloud infrastructures

As cloud infrastructures become increasingly API-driven and dynamically spread across expansive attack surfaces, achieving clarity proves difficult. Compounding this challenge is the integration of DevOps practices, microservices, and container technologies, which, while fostering agility and scalability, introduce additional layers of complexity and potential security blind spots. In this Help Net Security interview, Kennedy Torkura, CTO […]

Kubernetes clusters face widespread attacks across numerous organizations

In this Help Net Security video, Assaf Morag, Lead Threat Intelligence Analyst at Aqua Security, discusses research that discovered openly accessible and unprotected Kubernetes clusters belonging to more than 350 organizations, open-source projects, and individuals. At least 60% of these clusters were breached and had an active campaign with deployed malware and backdoors. The exposures […]

Common insecure configuration opens Apache Superset servers to compromise

An insecure default configuration issue (CVE-2023-27524) makes most internet-facing Apache Superset servers vulnerable to attackers, Horizon3.ai researchers have discovered. Administrators in charge of Apache Superset instances should check whether they are among that lot, upgrade them to a fixed version, and check whether attackers might have exploited the weakness to breach them. Apache Superset and […]

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

Microsoft addressed a misconfiguration flaw in the Azure Active Directory (AAD) identity and access management service. Microsoft has addressed a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed multiple Microsoft applications, including the Bing management portal, to unauthorized access. The vulnerability was discovered by Wiz Research which determined […]

Financial organizations more prone to accidental data leakage

Netwrix announced additional findings for the financial and banking sector from its global 2022 Cloud Security Report. Compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. Indeed, 44 percent of respondents in this sector say their own IT staff poses the biggest risk […]

The cybersecurity trends organizations will soon be dealing with

In this interview with Help Net Security, Brad Jones, VP of Information Security at Seagate Technology, talks about cybersecurity trends organizations will be dealing with soon, particularly concerning cloud misconfiguration, data classification, software vulnerabilities, and the cybersecurity skills gap. Cybersecurity risks are an ever-evolving issue for all organizations. What are the main ones we are […]

Security “sampling” puts US federal agencies at risk

Titania launched an independent research report that uncovers the impact of exploitable misconfigurations on the security of networks in the US federal government. The study, “The impact of exploitable misconfigurations on the security of agencies’ networks and current approaches to mitigating risks in the US Federal Government”, finds that network professionals report that they are […]
