Positive Technologies security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel. These vulnerabilities could be exploited for local privilege escalation, as confirmed by Popov in experiments on Fedora 33 Server. The vulnerabilities, known together as CVE-2021-26708, have received a CVSS v3 base score of 7.0 (high severity).
Now that we’ve learned this dependency on the cloud will continue to grow, there are new challenges that organizations have to solve in the year ahead – starting with making these cloud infrastructures more secure. To do this, organizations must reroute the security perimeter to focus on identity. While cloud-based identity can be a complicated concept for a number of reasons, there are a few simple steps organizations can take to evolve their identity access management (IAM) strategies. By moving beyond “effective permissions,” they should instead focus on threats and risks, following a cloud IAM lifecycle approach.
CEO and co-founder of social media platform Gab said the site had suffered a data breach. WIRED reported that the far-right platform had more than 70 gigabytes of data, and 40 million posts, leaked by a hacktivist who self-identifies as "JaXpArO and My Little Anonymous Revival Project."
CISA created the COVID-19 Vaccine Distribution Physical Security Measures guidance. This guidance provides a non-comprehensive list of physical security resources available to the public to help facility owners and operators enhance their physical security to protect workers and individuals.
Comerica Incorporated announced that Juan Rodriguez has been named Executive Vice President, Chief Information Security Officer. Reporting to Executive Vice President and Chief Technology & Operations Services Officer Megan Crespi, Rodriguez oversees Comerica's enterprise-wide information security policy, strategy, architecture, operations and capability enhancements of the bank.
Emergency operations centers (EOCs) are critical decision-making environments. It is vital that these centers have effective, reliable, intuitive technology to allow organizations to collate and interpret data, as well as plan and execute an appropriate emergency response to situations that can pose a danger to life, often with multi-agency involvement. So, when carrying out systems integration in an EOC space where the stakes are so high, how do you ensure you make the correct technology choices? Jon Litt, Senior Manager, Business Development, Government Solutions (US) at Christie highlights how the mission of the EOC is the number one factor to keep in mind.
The National Security Agency (NSA) published a cybersecurity guidance, “Embracing a Zero Trust Security Model.” This guidance shows how deploying Zero Trust security principles can better position cybersecurity professionals to secure enterprise networks and sensitive data.
With increasingly sophisticated attacks on targets of opportunity, how can enterprises ensure they are doing everything possible to safeguard against cyber threats? Surprisingly, we can apply techniques used to fend off enemies throughout ancient history by emperors, warriors, and soldiers to our high-tech environments of today. Below, we’ll examine three civilizations’ decision making and how we can integrate their best practices into modern-day security strategies.
Security magazine launched its inaugural Top Cybersecurity Leaders program for 2021. Security partnered with (ISC)², the world’s leading cybersecurity professional organization, to find enterprise information security executives who have made and continue to make significant contributions in the cybersecurity space to their organizations and the security profession.