Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills

July 16, 2024 at 05:50PM The top three technologies for new hires in enterprise security operations centers (SOCs) are SIEM, host-based extended detection and response, and vulnerability remediation. Additionally, hard skills such as cloud security, PowerShell expertise, and automation are highly valued. Soft skills like critical thinking, problem solving, attention to detail, and communication are …

Google reportedly in talks to buy infosec outfit Wiz for $23 billion

July 15, 2024 at 12:43AM Microsoft, Oracle, Cisco, and SAP lead in OSes, databases, networks, and ERP. Google is reportedly set to acquire Wiz, a startup with strong security products and services, for $23 billion. This could position Google as a major player in cybersecurity, potentially challenging its rivals’ dominance in the field. From the …

Google in Advanced Talks to Buy Wiz for $23B: WSJ Report

July 14, 2024 at 03:42PM Alphabet, Google’s parent company, is close to acquiring cybersecurity startup Wiz for approximately $23 billion, potentially its largest acquisition. Wiz, an Israeli company, offers cloud security software, and the acquisition would strengthen Alphabet’s cybersecurity portfolio, including recent acquisitions like Mandiant and Siemplify. This move aligns with Google’s strategy to expand …

Unprecedented: Cloud Giants, Feds Team on Unified Security Intelligence

July 12, 2024 at 02:34PM The top US cloud service providers are collaborating on a National Cyber Feed Initiative to provide real-time threat-monitoring data to federal cybersecurity authorities. The effort aims to improve threat intelligence sharing and cybersecurity. Challenges remain, including standardizing data delivery and making the information consumable. The initiative has gained momentum and …

Break-in at ‘third-party cloud platform’ leaked 110M customer records, says AT&T

July 12, 2024 at 10:17AM AT&T suffered its second cyberattack this year, with data on “nearly all” wireless customers being compromised, including those with MVNOs. The breach on a third-party cloud platform exposed call and text metadata, potentially enabling customer geolocation. Around 110 million customers were affected, and the incident is linked to the Snowflake …

Tracebit Raises $5 Million for Threat Deception Solution

July 11, 2024 at 12:21PM British startup Tracebit secures $5M seed-stage funding for cloud-based threat detection and deception tech. London-based company offers cloud-native threat deception technology to strengthen cybersecurity and expedite incident identification. Funding led by Accel, with support from Tapestry VC, 20SALES, and angel investors. Tracebit’s product uses canaries to enhance threat detection, plans …

Microsoft’s July Update Patches 143 Flaws, Including Two Actively Exploited

July 10, 2024 at 08:09AM Microsoft has released patches for 143 security flaws, including two actively exploited vulnerabilities. The flaws affect Windows, Edge browser, Hyper-V, and Office, among others. One of the exploited flaws is a remote code execution bug impacting .NET and Visual Studio. Other vendors have also issued security updates. …

It’s Time to Reassess Your Cybersecurity Priorities

July 10, 2024 at 07:48AM The author reflects on their 100 columns for SecurityWeek and the lack of progress in cybersecurity. They note the increasing frequency and severity of cyber breaches and emphasize the human element in security vulnerabilities. They advocate for enhancing identity management, endpoint security, cloud and supply chain risk management, risk-based prioritization, …

‘CloudSorcerer’ Leverages Cloud Services in Cyber-Espionage Campaign

July 8, 2024 at 05:43PM A new cyber espionage actor, “CloudSorcerer,” is targeting Russian government organizations with sophisticated malware, leveraging public cloud services for C2 and purposes. The group’s primary malware tool has multiple functions including covert monitoring and data collection, and it dynamically adapts its behavior based on its execution context, posing a challenge …

Microsoft Banning Android Phones for Staff in China

July 8, 2024 at 04:18PM In response to a series of breaches and criticism of its cybersecurity practices, Microsoft is implementing a new Secure Future Initiative in China. This includes mandating the use of Apple iPhones instead of Android devices for logging into its corporate network. Employees using Android devices will be provided with an …