Security News > 2021 > August

Modern vulnerability management programs require a strategy that defines what success means for your organization's cybersecurity goals. With the changing work norms ushered in by the pandemic, endpoints have become an easy exploit target, and your vulnerability management program should give equal importance to managing both network and endpoint vulnerabilities.

Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users' databases by giving them full admin access without requiring authorization. "Microsoft has recently become aware of a vulnerability in Azure Cosmos DB that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key," the company told customers.

So what are these unexpected places besides supply chain attacks? Kaseya, a lot of people would argue that's not a supply chain attack.

Here's a look at the most interesting product releases from the past week, featuring releases from ARMO, Palo Alto Networks, Guardicore, Radiflow and Ermetic. Palo Alto Networks Cortex XDR 3.0 automates threat detection and investigation across cloud environments.

It's common practice for businesses to seek to "control" your data and to gather personal data that they don't need at the time on the premise that it might be valuable someday. The other side of the personal data conundrum is the data strategy and governance model that guides an individual business.

In my previous role, I was an ICS security strategist and managed numerous business functions from Intel ranging from global semiconductor factories for OT, sub-factories for ICS, global BMS, and smart buildings/facilities. Most importantly, I plan to align our business output with our customer demands to defend, protect, and enhance their security posture across ICS. Finally, I am excited to evaluate all strategic partnerships to map out a new business strategy for the next few years that will bring together security requirements, external threats, and market trends to ensure that we are staying ahead of our customer needs and are continually providing them the best service possible.

98 percent of UK business leaders and IT decision makers either plan to or have already started implementing zero trust strategies at their organizations, according to Illumio. The report also revealed the challenges organizations face when implementing zero trust architecture.

Engineering trust, accelerating growth and sculpting change are the three overarching trends on the Gartner Hype Cycle for Emerging Technologies, 2021 that will drive organizations to explore emerging technologies such as nonfungible tokens, sovereign cloud, data fabric, generative AI and composable networks to help secure competitive advantage. "Technology innovation is a key enabler of competitive differentiation and is the catalyst for transforming many industries. Breakthrough technologies are continually appearing, challenging even the most innovative organizations to keep up," said Brian Burke, research VP at Gartner.

A forecast from IDC shows global GRC revenues growing from $11.3 billion in 2020 to nearly $15.2 billion in 2025. All categories of GRC solutions are expected to increase in revenues.

U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure on July 3, 2021.