I recently had the honor of testifying before the House Financial Services Committee’s Taskforce on Artificial Intelligence about two critical emerging issues in the financial services sector – cloud and artificial intelligence (AI). Both have incredible potential for energizing the financial sector, but they also raise important security concerns. Financial

Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.The cloud has changed a lot about the way we conduct business, but one of the most significant shifts has been in the realm of cybersecurity. The expansion of workloads running in the cloud has driven an uptick in security attacks focusin

Containerization. Another one of those tech buzzwords folks love to say but often have no idea what it means. A better way to organize children’s toys? The act of bringing tupperware out to dinner to safely transport home leftovers? Another name for Russian dolls? Containerization is, of course, none of those things. But its definition might be best

Understanding the Threats, Tisks, and Vulnerabilities Associated With Cloud Environments is Critical to Securing DataAlmost ten years ago, I worked as a cybersecurity evangelist for one of the world’s first Software-as-a-Service (SaaS) vendors. At the time, the term SaaS didn’t even exist yet and our sales personnel and resellers were struggling to describe

A Dutch politician could face several years behind bars after being accused by prosecutors of hacking the iCloud accounts of hundreds of women and posting explicit photos and videos online.Named only on the official Netherlands Public Prosecution Service website as “a 35-year-old man from Almere,” he is identified elsewhere as Mitchel van de

How fusing output datasets and sharing information can create a real-time understanding of suspicious activity across your enterprise. In a recent New York Times opinion piece, National Security Agency General Counsel Glenn Gerstell described how traditional national security systems, developed after World War II, dependably gave early warning of foreign mil

The music streaming service received reports indicating attackers gained unauthorized access to its systems.Music streaming service Mixcloud has disclosed a security incident in which unauthorized users gained access to some of its systems, resulting in the sale of customer data on the Dark Web.Mixcloud published a notice regarding the incident late last wee

The European Union Agency for Cybersecurity (ENISA) today published a report containing recommendations to establish an EU-wide cybersecurity certification scheme for cloud service providers.The report was created by the Cloud Service Provider Certification Working Group (CSPCERT WG) at the request of the European Commission. Instead of proposing a

British streaming service Mixcloud has been hacked and the personal data of tens of millions of users put up for sale on the dark web, it has emerged.The service issued a brief statement on Saturday confirming the incident.“We received credible reports this evening that hackers sought and gained unauthorized access to some of our systems,” it not

More than 3,100 Jira instances are still vulnerable to a server-side request forgery vulnerability patched in August.Thousands of Jira instances remain vulnerable to server-side request forgery (SSRF), a Web application vulnerability that redirects malicious requests to resources restricted to a server. The extent of this exposure underscores the impact of S

Third-party libraries, container components and even remote workers represent a major supply chain risk to organizations as they head into a new decade, according to Trend Micro.The security giant’s new 2020 predictions report, The New Norm, warned of a growing cloud attack surface, as hackers focus their efforts on code injection attacks to steal sens

Security and web performance services provider Cloudflare this week announced the open source availability of Flan Scan, its lightweight network vulnerability scanner.Based on the Nmap open source tool, Flan Scan was born out of the need for an easy-to-deploy scanner that could accurately detect the services on a network and then look them up in a database o

IBM on Wednesday announced the general availability of Cloud Pak for Security, a solution designed to help organizations hunt for threats by combining data from multiple tools and clouds.Cloud Pak for Security can obtain and translate security data from existing tools. It currently supports tools from IBM, Carbon Black, Elastic, Tenable, Splunk and BigFix. H

Trend Micro has announced a new security services platform aimed at helping customers simplify hybrid and multi-cloud security.The new Cloud One platform, Trend Micro says, includes six services that provide workload, container, file object storage, serverless and application, and network security, and which also aim to deliver security posture management ca

One of the main benefits to standardized infrastructure is the ability to share application resources across entities. We are taking advantage of this with the Cloud Native Security Hub as we start to explore how to standardize cloud native security. Securing cloud native environments is a new challenge for any team trying to bring these workloads to