Security News

Around half of businesses surveyed are spending more on "Cyber attacks" than they used to, it said, while a similar number reckon their C-suites don't know what "Cyber risk management" means - possibly something about ensuring monitors are firmly bolted to desks. "Low C-suite engagement combined with increased investment suggests a tendency to 'throw money' at the problem rather than develop an understanding of the cybersecurity challenges and invest appropriately," intoned Trend Micro.

Axonius SaaS Management identifies misconfigurations and data security risks. Axonius SaaS Management lets customers address the operational and financial challenges of SaaS asset management, as well as the security and risk gaps, all via a non-intrusive deployment that delivers actionable insights from day one.

The snappily titled Government Cyber Security Strategy, wheeled out yesterday, will set UK domestic cybersecurity strategy for the next eight years. "The UK's legitimacy and authority as a cyber power is however dependent upon its domestic cyber resilience, the cornerstone of which is government and the public sector organisations that deliver the functions and services which maintain and promote the UK's economy and society," said the strategy, authored by the Cabinet Office.

A security bod scored a $100,500 bug bounty from Apple after discovering a vulnerability in Safari on macOS that could have been exploited by a malicious website to potentially access victims' logged-in online accounts - and even their webcams. Ryan Pickren, last seen on The Register after scooping $75k from Cupertino's coffers for finding an earlier webcam-snooping flaw, said the universal cross-site scripting bug in Safari could have been abused by a webpage to hijack a web account the user is logged into, which would be bad. It was also possible to activate the webcam.

Frustrated at lack of activity from the "Standard setting" UK Cyber Security Council, the government wants to pass new laws making it into the statutory regulator of the UK infosec trade. Government plans, quietly announced in a consultation document issued last week, include a formal register of infosec practitioners - meaning security specialists could be struck off or barred from working if they don't meet "Competence and ethical requirements."

Open source cloud native security analyzer Terrascan embeds security into native DevOps tooling. Cs prevents cloud security risk and improves developer productivity.

AwareGO Human Risk Assessment for Enterprise measures employees' cybersecurity behavior. Pondurance Cyber Risk Assessments analyze and visualize potential cybersecurity gaps.

Here's a look at the most interesting products from the past week, featuring releases from Action1, Cloudflare, Code42, F5 Networks, NetQuest, Oxeye, SentinelOne and Tenable. The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle.

Open source cloud native security analyzer Terrascan embeds security into native DevOps tooling. Tenable enhanced Terrascan, an open source cloud native security analyzer that helps developers secure Infrastructure as Code.

An Imperva Snapshot assessment lets teams assess the status of their databases and the data stored, to identify non-compliance with privacy regulations as well as compliance requirements for cloud data stores. iStorage datAshur SD offers data storage solution to securely share and scale unlimited encrypted data.