Security News

Singapore to license pentesters and managed infosec operators
2022-04-12 08:30

Cybersecurity service providers must apply for licenses to operate in Singapore, under new regulations launched by the country's Cyber Security Agency on Monday. Specifically, concerns were raised over whether service providers may aggregate or use anonymised client data for threat intelligence purposes, leading CSA to limit the scope of its license condition.

Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck
2022-04-06 08:15

On the one hand, security leaders and CISOs must be able to communicate strategies clearly - instructions, incident response plans, and security policies. More so than just talking about the dollar value of a security policy, security leaders need to show the importance of processes, tasks, decisions, and how threats and other security risks impact the math.

Infosec products of the month: March 2022
2022-04-04 02:45

CybeReady offers a fully-managed security training platform that includes phishing simulations, security awareness, and compliance training capabilities, with built-in expertise already embedded into the training. VMware unveiled new container runtime security capabilities that build upon a strong end-to-end security offering to help customers better secure modern applications at scale.

Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs
2022-03-17 03:58

Cybersecurity experts describe a still-maturing cybercriminal group that is testing its capabilities with a range of different attack methods - from data extortion to ransomware - and may be taking advantage of Russia's invasion of Ukraine, which is distracting and diverting malware pushers and cybersecurity vendors alike. "Based on their public behavior and communication observed from the group, it is believed that they are a completely new group and not simply a rebranded threat group," Tyler Croak, principal strategist at cybersecurity vendor Lookout, told The Register.

Infosec products of the month: February 2022
2022-03-01 04:00

ShiftLeft Velocity Update enables application security and development teams to automate security controls. F5 announced a major expansion of its application security and delivery portfolio with F5 Distributed Cloud Services that provide security, multi-cloud networking, and edge-based computing solutions on a unified software-as-a-service platform.

Tech world's Ukraine response mixes evacuation efforts, ad bans, free phones, infosec FUD
2022-02-28 05:15

As Russia's invasion of Ukraine continues, the technology industry is trying to use its services to make a difference - and to keep those services available as the war makes it harder to operate. The Global Sourcing Association - a UK-based body formerly known as the National Outsourcing Association and which promotes strategic use of services resources around the world - last week reported "Evidence of service disruption as companies are struggling to exercise their business continuity plans due to the extent of the disruption and employees are having to decide if they want to stay and work or choose to evacuate the main cities."

Execs keep flinging money at us instead of understanding security, moan infosec pros
2022-02-03 12:25

Around half of businesses surveyed are spending more on "Cyber attacks" than they used to, it said, while a similar number reckon their C-suites don't know what "Cyber risk management" means - possibly something about ensuring monitors are firmly bolted to desks. "Low C-suite engagement combined with increased investment suggests a tendency to 'throw money' at the problem rather than develop an understanding of the cybersecurity challenges and invest appropriately," intoned Trend Micro.

Infosec products of the month: January 2022
2022-02-01 04:00

Axonius SaaS Management identifies misconfigurations and data security risks. Axonius SaaS Management lets customers address the operational and financial challenges of SaaS asset management, as well as the security and risk gaps, all via a non-intrusive deployment that delivers actionable insights from day one.

Infosec big dogs break out the bubbly over UK government's latest cyber strategy emission
2022-01-26 11:55

The snappily titled Government Cyber Security Strategy, wheeled out yesterday, will set UK domestic cybersecurity strategy for the next eight years. "The UK's legitimacy and authority as a cyber power is however dependent upon its domestic cyber resilience, the cornerstone of which is government and the public sector organisations that deliver the functions and services which maintain and promote the UK's economy and society," said the strategy, authored by the Cabinet Office.

Infosec chap: I found a way to hijack your web accounts, turn on your webcam from Safari – and Apple gave me $100k
2022-01-26 08:32

A security bod scored a $100,500 bug bounty from Apple after discovering a vulnerability in Safari on macOS that could have been exploited by a malicious website to potentially access victims' logged-in online accounts - and even their webcams. Ryan Pickren, last seen on The Register after scooping $75k from Cupertino's coffers for finding an earlier webcam-snooping flaw, said the universal cross-site scripting bug in Safari could have been abused by a webpage to hijack a web account the user is logged into, which would be bad. It was also possible to activate the webcam.