Security News

After spending five years poring over port scan results, infosec firm Imperva reckons there's about 12,000 vulnerability-containing databases accessible through the internet. The news might prompt responsible database owners to double-check their updates and patching status, given the increasing attractiveness of databases and their contents to criminals and hostile foreign states alike.

Threat Stack announced new alert context functionality to reduce mean-time-to-know within the Threat Stack Cloud Security Platform. Threat Stack's enhanced alert context provides meaningful data that will help guide security leaders' investigations into high severity alerts in real-time.

As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks-and the costs of addressing them-are increasing. The survey of 300 cloud pros found that 36% of organizations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they're vulnerable to a major data breach related to cloud misconfiguration.

The CloudKnox deal is Microsoft's fourth cybersecurity acquisition over the last 12 months. Last June, Microsoft acquired CyberX to beef up its Azure IOT security capabilities and followed up soon after with a separate deal to buy firmware security security specialist ReFirm Labs.

SecurityWeek will host its 2021 Cloud Security Summit virtual event on Wednesday, July 21, 2021. Through a fully immersive virtual environment, attendees will be able to interact with end users tasked with securing various cloud environments and services, and gain insights from leading solution providers and industry experts.

While there are many different encryption techniques, none are completely secure, and the search continues for new technologies that can counter the rising threats to data privacy and security. In a recent study published in KeAi's International Journal of Intelligent Networks, a team of researchers from India and Yemen describe a novel, two-step cryptography technique - the first to combine genetic technology with mathematical technique.

Register for this upcoming webinar to learn how to reduce risk with integrated endpoint-to-cloud security. Currently, security from endpoints to the cloud involves multiple standalone tools that solve specific problems.

Cloud security is critically important for organizations across the globe as adoption of cloud infrastructure continues to grow at a rapid clip. The shift toward the cloud is unstoppable, and inevitably, it's driving soaring demand for skilled security professionals, according to GIAC. Demand for specific cloud security skills is far outpacing the broader demand for cybersecurity skills, according to Burning Glass.

OpsCompass announced the results of a report it conducted on cloud security posture and management challenges. "Operations teams are managing increasingly complex cloud infrastructure and are hyper-concerned about misconfigurations and configuration drift resulting in security gaps and potential breaches. Our goal with this report is to assess what teams are experiencing today, understand their concerns, and drive conversations to improve cloud security."

Deloitte announced its acquisition of substantially all the assets of CloudQuest, a cloud security posture management provider based in Cupertino, Calif. The deal will bolster Deloitte's existing cloud cybersecurity offerings with CloudQuest's cloud-native security capabilities to more seamlessly manage security workflows, reduce risk and improve data security. "While the global pandemic slowed some things, it didn't slow cloud migration or cloud reliance for the vast majority of organizations," said Vikram Kunchala, Deloitte Risk & Financial Advisory Cyber Cloud leader and principal, Deloitte & Touche LLP. "As organizations work to build or advance their security postures for cloud or hybrid-cloud environments, we're expanding and diversifying our services and solutions portfolio to help our clients continuously monitor, prevent and remediate security threats."