Security News

To help federal contractors prepare for their Level 1 - 3 assessment, Black & Veatch Management Consulting has achieved accreditation as a Registered Provider Organization from the Cybersecurity Maturity Model Certification Accreditation Body. The DoD created the CMMC to combine various cybersecurity standards and best practices across five different maturity levels that range from basic cyber hygiene to advanced levels of threat management capabilities.

The researchers showed how an attacker could go from the cloud-based management console to all managed endpoint devices, and also from the endpoint devices to the management console. In the first attack, the attacker obtains unauthorized access to the account of a management console operator using stolen credentials or exploits.

Gartner calls this highly-exposed ecosystem your "External attack surface," and has recently recommended adopting an External Attack Surface Management approach. EASM solutions can inventory all of the cloud assets your service is built upon across multiple cloud providers and all of your third-party vendors to aid in your cloud governance processes, as well as cloud security.

Enterprises across the globe are turning to cloud outsourcing providers to manage their private and hybrid cloud infrastructure because of increasingly complex IT environments, according to a report published by ISG. The report finds many enterprises focused on leveraging provider capabilities to control the cost of managing their private and hybrid clouds. "Enterprises worldwide have realized that outsourcing their cloud infrastructure management is a great way to realign their IT systems with business objectives in the most cost-effective manner," said Jan Erik Aase, partner and global leader, ISG Provider Lens Research.

Soracom launched Soracom Arc, a service that allows anyone developing IoT solutions to leverage Soracom's IoT platform using any internet connection, including cellular, Wi-Fi, Ethernet, and satellite. Arc provides anyone developing IoT solutions secure access to the Soracom suite of 17 network and application services, including cloud integration, private networking, data optimization, secure remote access, and on-demand packet capture.

Actian announced the general availability of its new Zen V15 embedded database for mobile and IoT. Actian Zen V15 addresses the demanding needs of today's on-premise, cloud, mobile, and IoT application developers by providing persistent local and distributed data across intelligent applications deployed in enterprise, branch, and remote field environments. "Actian Zen V15 edge data management delivers against a broad and demanding set of requirements including leveraging a variety of hardware architectures, operating environments, networks, communications interfaces, and languages to offer comprehensive support, performance, and the flexibility modern enterprises need to stay competitive."

StrongBox Data Solutions introduced StrongLink 3.2, delivering increased levels of automation and performance to radically simplify data management. "StrongLink's new metadata-driven tools provide our researchers with maximum efficiency for data access and management across a large heterogeneous storage environment," said Carsten Schmitt, storage administrator at Deutsches Klimarechenzentrum GmbH. "StrongLink provides researchers with global access to their data with workflows they are accustomed to but in an open-standards-based architecture that eliminates proprietary vendor lock-in. This is a key requirement for building the Exabyte Data Archive system and minimizes the time needed to find or manage data across multiple classes of storage. The SBDS solution is helping DKRZ create a better environment to advance the state of the art of climate research."

A critical cross-site scripting bug impacts WordPress sites running the Frontend File Manager plugin and allows remote unauthenticated users to inject JavaScript code into vulnerable websites to create admin user accounts. The bug is one of six critical flaws impacting the WordPress plugin Front File Manager versions 17.1 and 18.2, active on more than 2,000 websites.

To select a suitable third-party risk management solution for your business, you need to think about a variety of factors. Third-party risk managers should review the goods or services their business provides, how third parties support different functions of the business, what processes they're involved in and what data they touch.

IDnow announces its participation in the IDunion network, which aims to build an open ecosystem for decentralised identity management. IDnow has joined forces with other industry experts through IDunion to drive a shared vision of digital identities that is aligned with European values and regulations.