While the Kaseya, SolarWinds and other cyberattacks and global disruptors may appear dissimilar, having wildly varying causes and impacts, there is strategic value in considering them – and the supply chains they spread across – as a collective. Together, they represent a rapid learning opportunity for both adversaries and defenders – an open-source global weapons development program.
IT executives and senior leaders are key drivers of success. For an organization to quickly realize a tech vision and reap the benefits of digitization, leaders must have cutting-edge technical knowledge, a shared vision for change and, most critically, a people-focused approach that empowers the organization now and in the future.
SonarSource cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra - email collaboration software used by global enterprises - that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure.
Additional report findings include 64% of survey respondents have delayed an application rollout over API security concerns and 94% have experienced an API security incident
July 28, 2021
Salt Security released the Salt Labs State of API Security Report, Q3 2021, revealing significant challenges in addressing API security, with all customers experiencing API attacks, security topping the list of API program concerns, and very few respondents feeling confident they can identify and stop API attacks.
To celebrate the anniversary of its Vulnerability Reward Program and ensure the next 10 years are just as successful and collaborative, Google announced the launch of its new platform, bughunters.google.com. The new site brings all VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues.
Apple has released security updates to address zero-day vulnerability exploited in the wild, impacting iPhones, iPads, and Macs. The vulnerability, tracked as CVE-2021-30807, is a memory corruption issue in the IOMobileFramebuffer kernel extension reported by an anonymous researcher, BleepingComputer reports.
In today’s business environment security is a fundamentally functional and non-functional requirement and cannot be an afterthought where issues are chased after systems are operational. That’s why it’s vital that best practices be implemented by companies from the onset of any cloud migration strategy: backed by a robust and real-time capability to plan, investigate, and respond to all security incidents.