Security News
As Russia's invasion of Ukraine continues, the technology industry is trying to use its services to make a difference - and to keep those services available as the war makes it harder to operate. The Global Sourcing Association - a UK-based body formerly known as the National Outsourcing Association and which promotes strategic use of services resources around the world - last week reported "Evidence of service disruption as companies are struggling to exercise their business continuity plans due to the extent of the disruption and employees are having to decide if they want to stay and work or choose to evacuate the main cities."
Around half of businesses surveyed are spending more on "cyber attacks" than they used to, it said, while a similar number reckon their C-suites don't know what "cyber risk management" means - possibly something about ensuring monitors are firmly bolted to desks. "Low C-suite engagement combined with increased investment suggests a tendency to 'throw money' at the problem rather than develop an understanding of the cybersecurity challenges and invest appropriately," intoned Trend Micro.
Axonius SaaS Management identifies misconfigurations and data security risks. Axonius SaaS Management lets customers address the operational and financial challenges of SaaS asset management, as well as the security and risk gaps, all via a non-intrusive deployment that delivers actionable insights from day one.
The snappily titled Government Cyber Security Strategy, wheeled out yesterday, will set UK domestic cybersecurity strategy for the next eight years. "The UK's legitimacy and authority as a cyber power is however dependent upon its domestic cyber resilience, the cornerstone of which is government and the public sector organisations that deliver the functions and services which maintain and promote the UK's economy and society," said the strategy, authored by the Cabinet Office.
A security bod scored a $100,500 bug bounty from Apple after discovering a vulnerability in Safari on macOS that could have been exploited by a malicious website to potentially access victims' logged-in online accounts - and even their webcams. Ryan Pickren, last seen on The Register after scooping $75k from Cupertino's coffers for finding an earlier webcam-snooping flaw, said the universal cross-site scripting bug in Safari could have been abused by a webpage to hijack a web account the user is logged into, which would be bad. It was also possible to activate the webcam.
Frustrated at lack of activity from the "standard setting" UK Cyber Security Council, the government wants to pass new laws making it into the statutory regulator of the UK infosec trade. Government plans, quietly announced in a consultation document issued last week, include a formal register of infosec practitioners - meaning security specialists could be struck off or barred from working if they don't meet "competence and ethical requirements."
Open source cloud native security analyzer Terrascan embeds security into native DevOps tooling. Cs prevents cloud security risk and improves developer productivity.
AwareGO Human Risk Assessment for Enterprise measures employees' cybersecurity behavior. Pondurance Cyber Risk Assessments analyze and visualize potential cybersecurity gaps.
Here's a look at the most interesting products from the past week, featuring releases from Action1, Cloudflare, Code42, F5 Networks, NetQuest, Oxeye, SentinelOne and Tenable. The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle.
Tenable enhanced Terrascan, an open source cloud native security analyzer that helps developers secure Infrastructure as Code.