Security News > 2021 > September

VPNs have been used by businesses and individuals across the globe, but now the tide is turning. Over time, criminals have been able to identify and manipulate security flaws found in technology, and VPNs are no exception.

Absolute DataExplorer enables IT and security teams to capture critical endpoint data. Anomali XDR features extend visibility over a wider range of threat information sources.

Compliance Week conducted a survey which shows the importance of both advanced technology and dedicated teams that can quickly deliver data insights to reduce time and cost and result in better outcomes. "Vast increases in information, changing data privacy and compliance requirements, and growing cybersecurity risks are all contributing to the need for a faster approach to managing and conducting investigations that results in better outcomes."

According to the research, almost all of the IT and security leaders surveyed reported that their organizations are likely to start taking the steps needed to overcome these issues by enhancing their machine identity management approach, but these leaders also expect to face challenges. According to Gartner, "Digital transformation has led to an explosion in the number of machines - such as workloads, code, applications and containers - that need to identify themselves and communicate with each other. As a result, several technology providers have built tools that can help clients discover and manage machine identities across hybrid and multicloud environments. Managing machine identities has become critical, as nonhuman entities are now at the leading edge of digital transformation."

While many long term plans were put off due to the COVID-19 pandemic, executive leaders should act now in implementing a strategic planning process for future revenue growth, according to Gartner. Organizations must actively prepare to respond to future disruptions and anticipate change.

Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye's Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the identities of the threat actor or their motives remain unclear.

Hybrid work is here to stay, and companies are focused on prioritizing improved collaboration in this next normal of work to drive better innovation and increased profitability, according to a study by Forrester Consulting. The research evaluated the state of enterprise collaboration during the pndemic, as well as companies' plans to improve and invest in advanced collaboration to support a permanent hybrid workforce.

Managed edge services promises to be a high-growth market as enterprises look to low-latency edge services to address process efficiencies, support new consumer applications, comply with data sovereignty, and deal with security threats. According to a forecast from IDC, worldwide revenues for managed edge services will reach $445.3 million in 2021, an increase of 43.5% over 2020.

Vulnerabilities collectively referred to as BrakTooth are affecting Bluetooth stacks implemented on system-on-a-chip circuits from over a dozen vendors. Researchers from the Singapore University of Technology and Design have published details about BrakTooth - a new family of security vulnerabilities in commercial Bluetooth stacks.

The sun never seems to set on the cybercriminal threat, but whether you're heading into autumn or bursting into spring you can tap into the world's finest cyber security training, at upcoming SANS Institute events in Asia and Oceania. With the cloud accounting for ever more of the world's compute, you can be assured that they all feature top courses focusing on detecting and countering cloud threats, including newly minted courses such as Cloud Security and DevSecOps Automation, and Public Cloud Security: AWS, Azure and GCP. With the development of the larger curriculum, SANS has conscientiously looked at job roles, training needs within those roles, and how we help students progress along their professional cloud security journey.