Security News
Adlumin announced that its platform will now integrate directly with Google Workspace, giving customers the ability to ingest crucial audit logs from their Google Workspace domains. Google Workspace is a suite of secure, cloud-native collaboration and productivity apps powered by Google AI and has become a viable competitor to Office365.
With the announcement today, Sysdig launched the first runtime security detection and response solution for AWS Fargate that provides detailed audit logs to respond to incidents. Sysdig's runtime detection for AWS Fargate is based on open source Falco, the runtime security tool created by Sysdig and contributed to the Cloud Native Computing Foundation.
85% of companies completed their audits as planned or with an extension, and 60% had no change to audit timing. Organizations conduct multiple audits as disjointed, redundant projects.
Docker Bench for Security is a simple way of checking for common best practices around your Docker deployments in production. One such tool is a pre-built container, called Docker Bench for Security; it does a great job of auditing your container host and the currently running deployments.
The open-source SecureDrop Workstation has undergone a security makeover after a third-party security audit flagged multiple problems, including a high-risk bug that could allow an attacker to plant files on target machines. The SecureDrop Workstation audit, conducted by Trail of Bits and financed by the New York Times, warned that the high-risk directory traversal bug could be leveraged for code execution attacks.
Internal audit's ongoing digital transformation will rapidly accelerate in 2021, with 22% of respondents reporting that they will implement cloud-based technology this year, resulting in a majority of internal audit teams using a cloud-based audit management or GRC software solution for the first time, an AuditBoard survey reveals. "Many internal audit teams that have not yet shifted to a cloud approach are now set to reap the benefits of modernization - including gaining greater bandwidth for strategic, value-add activities - and will be better positioned to protect their organizations from new and emerging risks," said John Reese, AuditBoard's CMO. "They'll also get to equal footing with other functions within their organization who have already made the move to cloud-based solutions."
A study of 299 internal audit organizations showed that the function faced both declining budgets and a significantly expanded workload in 2020, according to Gartner. "For many heads of audit, it's not clear where the extra capacity is going to come from," said Margaret Moore Porter, managing vice president in the Gartner Audit practice.
Your company takes compliance and security very seriously, but you've no idea what or how to layer on top of AWS's existing security and compliance protocols to achieve levels necessary for compliance certification. In this case and others, passing a compliance audit may prove particularly problematic even though your company is committed to performing at or above baseline legal requirements.
The US Financial Industry Regulatory Authority has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information. The domain used in these ongoing phishing attacks was registered just two days ago, on March 3rd, using the NameCheap domain name registrar.
Secondly, a given password might be somewhat easy to guess, despite existing password requirements. Password changes only occur via the user or Active Directory administrator.