Security News

The PCI Security Standards Council and the Cloud Security Alliance issued a joint bulletin to highlight the importance of properly scoping cloud environments. At a high level, scoping involves the identification of people, processes, and technologies that interact with or could otherwise impact the security of payment data or systems.

Pulumi announced that SANS Institute is using the Pulumi Cloud Engineering Platform to streamline the delivery of applications and infrastructure, increasing the speed of delivery by 3X. Pulumi enabled SANS to adopt cloud engineering best practices so that it could reduce deployment times, simplify its cloud architectures and ultimately create a better experience for end customers. SANS now delivers cloud infrastructure using TypeScript and GitOps workflows, allowing it to use the power of modern languages and software engineering to deploy and configure infrastructure through a single platform.

Business email compromise refers to all types of email attacks that do not have payloads. In a recent study, 71% of organizations acknowledged they had seen a business email compromise attack during the past year.

Learn how to get the most out of container security best practices. "Ford discussed the challenges of container security."Container security startups are looking to solve for some of the challenges that containers introduce: the increasingly automated nature of modern software development can exacerbate security issues quickly.

The report details the impact of COVID-19, IT's chief concerns about new spending decisions, the impact remote work had on security best practices, and overall satisfaction within the IT organization. "Remote work put enormous pressure on admins and organizations, and now that the work landscape has changed permanently, the top priority for SMEs is to address those challenges. IT professionals' 2021 priorities of layered security for more secure work-from-anywhere, making remote work easier, and more efficient device management underscore the need for a more consolidated, platform approach to IT that reduces complexities and cost."

From WannaCry, Petya, and SamSam to Ryuk, these ransomware attacks have caused huge financial and reputation losses for both public and private sector organizations - the recent attacks on Colonial Pipeline are just the latest example. Most of successful ransomware attacks happen because organizations overlook a simple security practice.

Over the past year, pharmaceutical companies and healthcare organizations have rushed to develop a COVID-19 vaccine. How are cybercriminals threatening vaccine security?

From authenticating to an API for advanced features to credential management, it is critical to have a deep understanding and awareness of data protection best practices. On the customer end, in-house security and engineering staff can prep for CPaaS implementation by becoming familiar with the use of APIs and the authentication methods, communications protocols and the data that flows to and from them.

This article talks about label standard and best practices for Kubernetes security, a common area where I see organizations struggle to define the set of labels required to meet their security requirements. My advice is to always start with a hierarchical security design that can achieve your enterprise security and compliance requirements, then define your label standard in alignment with your design.

While there is awareness of password security best practices, there is still work to be done to put that awareness to full use, a Bitwarden survey reveals. While Americans are more likely to report being affected by a data breach in the last 18 months, 1 in 3 are more interested in having a password that is easy to remember versus being secure.