Security News

Security executives are overwhelmingly craving more AI solutions in 2023 to help them battle the growing cybersecurity threat landscape, according to Netrix Global. Interestingly, when looking at other findings around spending decisions, security executives said that supply chain issues and the growing distributed workforce are likely to have a more significant influence on IT security spending in 2023 than the looming recession.

At its LIVE 2023 event in Las Vegas this week, Cisco revealed an array of solutions, paving stones on its path to a platform strategy called Cisco Security Cloud. In an interview with TechRepublic about Cisco LIVE 2023, Patel said the new technologies addressed a need to simplify security operations and address security considerations caused by the shift to hybrid work.

It's essential to have a robust API security posture to protect your organization from potential threats. API posture management refers to the process of monitoring and managing the security posture of your APIs.

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 that could allow a malicious actor with network access to achieve remote code execution.

A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of Fame Report today, honoring the top 50 Certified CISOs globally.

In my last post I discussed how developers can be your security secret weapon but how to help them love doing security work? That's a whole other challenge! Developers giving security the cold shoulder isn't just a myth: Industry surveys have repeatedly shown that engineers try to avoid security work, while security teams become frustrated at engineers' lack of action.

Applications developed by public sector organizations tend to have more security flaws than applications created by the private sector, according to Veracode. "The difference between the rate at which flaws appear in public and private sector applications is significant. Efforts by the government to close the gap are necessary and should continue. As stewards of public safety, agencies have a responsibility to close this gap and strengthen security to protect the nation and its citizens," said Chris Eng, Chief Research Officer at Veracode.

"The attack surface in the SaaS ecosystem is widening, and just as you would secure a cloud infrastructure with Cloud Security Posture Management, organizations should secure their SaaS data and prioritize SaaS security," asserts Maor Bin, CEO of Adaptive Shield. "In last year's survey, 17% of respondents said they were using SSPM. This year that figure has soared, with 80% currently using or planning to use an SSPM by the end of 2024. This dramatic growth is fueled by the fact that 55% of organizations stated they recently experienced a SaaS security incident, which resulted in ransomware, malware, data breaches, and more. Threat prevention and detection in SaaS is critical to a robust cybersecurity strategy spanning SaaS Misconfigurations, Identity and Access Governance, SaaS-to-SaaS Access, Device-to-SaaS Risk Management, and Identity Threat Detection & Response," Bin continued.

Google has released the monthly security update for the Android platform, adding fixes for 56 vulnerabilities, five of them with a critical severity rating and one exploited since at least last December. The new security patch level 2023-06-05 integrates a patch for CVE-2022-22706, a high-severity flaw in the Mali GPU kernel driver from Arm that Google's Threat Analysis Group believes it may have been used in a spyware campaign targeting Samsung phones.

Google has released the monthly security update for the Android platform, adding fixes for 56 vulnerabilities, five of them with a critical severity rating and one exploited since at least last December. The new security patch level 2023-06-05 integrates a patch for CVE-2022-22706, a high-severity flaw in the Mali GPU kernel driver from Arm that Google's Threat Analysis Group believes it may have been used in a spyware campaign targeting Samsung phones.