Software as a service (SaaS) is one of the most important parts of the modern digital business. Unfortunately, when it comes to cybercrime, it can also be one of the weakest. The Cybersecurity newsletter, The Hacker News, have highlighted this in detail, noting interest from across the digital industry in addressing the holes created by misconfigured SaaS setups.
Recently, Amazon AWS introduced the new feature EC2 Serial Console for instances using Nitro System. It provides a simple and secure way to perform troubleshooting by establishing a connection to the serial port of an instance. Even though this feature is useful in case of break glass situations, from a security perspective, it could be used by adversaries to gain access through an unguarded secondary entrance.
Gartner recently published the 2021 Strategic Roadmap for SASE Convergence, outlining key challenges that are driving shifts to Secure Access Services Edge (SASE) architecture. Not surprisingly, chief among these challenges are consistency, simplicity, transparency, and efficacy—all of which a properly implemented SASE architecture is positioned to solve. But knowing what the challenges are, how do we then get to SASE? Has your journey already started? What are the right moves?
BazarLoader is a malicious dropper used in multiple campaigns, including the massive wave of attacks targeting US Hospitals with the Ryuk ransomware during October 2020. The primary purpose of BazarLoader is to download and execute additional malware payloads, and one of the key characteristics is its delivery mechanism, which exploits legitimate cloud services like Google Docs to host the malicious payload.
It’s more critical than ever to secure your company data and protect your workloads in the cloud. This blog post is a roundup of the latest technical resources and product capabilities by both Google Cloud and Splunk to enhance your threat prevention, detection, and response techniques, regardless of where you are in your business-transforming cloud journey.
Teleport has supported multi-factor authentication (MFA) for a while now, via Authenticator Apps (TOTP) and Hardware Tokens (U2F) such as YubiKeys. But this support was pretty limited: you could only choose one MFA protocol and users could only register one device. If a user lost their device, they would be locked out and need an account reset by the administrator. So, for Teleport 6.0, we’ve reimplemented the MFA support to make it more flexible.
Netskope is proud to have contributed once again to Verizon’s annual Mobile Security Index —one of the most influential reports in the industry for evaluating mobile security trends. This report is based on a survey of hundreds of professionals responsible for buying, managing, and securing mobile and IoT devices.
