Aggregator
Осторожно, груз опасен: глобальная фишинг-атака на промышленные компании
澳大利亚率先开始为婴儿治疗花生过敏症
Aardvark:一个针对多账户AWS IAM访问与身份管理的API框架
World Wide Web Consortium Opposed Google’s Decision on Third-party cookies
The World Wide Web Consortium (W3C) has strongly opposed Google’s decision to halt the deprecation of third-party cookies. The W3C has updated its Technical Architecture Group (TAG) finding to emphasize the necessity of removing third-party cookies due to their inherent privacy issues. The consortium argues that these cookies enable tracking across multiple websites, which can […]
The post World Wide Web Consortium Opposed Google’s Decision on Third-party cookies appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
Социализация потерь: новый план криптобиржи WazirX после кражи $230 млн
Cyberse and the Marketplace Era of Cybersecurity Purchasing
The marketplace era of cybersecurity purchasing is arriving before our eyes. Cyberse is a new startup leading the way.
The post Cyberse and the Marketplace Era of Cybersecurity Purchasing appeared first on Security Boulevard.
New PyPI Package Zlibxjson Steals Discord, Browser Data
Google Chrome security advisory (AV24-430)
North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS
威努特零信任技术方案,构建电力行业数据安全新防线
Tenable Cloud Security To Help Fed Agencies Tackle Cloud Challenges as It Nears FedRAMP Authorization
As federal agencies adopt a cloud-first policy, they face unique challenges in securing cloud infrastructure. Learn how Tenable Cloud Security, which is now FedRAMP "In Process," can help.
As part of the federal government's cloud-first policy, agencies are increasingly adopting cloud computing to modernize their infrastructure and more effectively perform their missions. One key aspect of this modernization for agencies is working with cloud providers that have achieved the Federal Risk and Authorization Management Program (FedRAMP) authorization. Achieving this status is a significant milestone, underscoring a provider’s commitment to securing government data and infrastructure.
As more agencies shift to the cloud, bad actors recognize the opportunity and frequently target vulnerabilities across hybrid and multi-cloud environments. In fact, according to IBM’s most recent Cost of a Breach report, 82% of breaches involved data stored in the cloud—public, private, or multiple environments. These findings reinforce the need for robust cloud security measures and strategies to fortify operations in the cloud and protect critical data. There are several critical challenges agencies face when securing their cloud environment.
Cloud environments are complex and introduce new attack vectorsThis includes the complexity of applications and workloads, as well as new cloud architectures and approaches. This complexity presents a new attack surface vs on-premise environments.
Traditional tools that were originally designed for on-premise setups are no longer effective and do not meet the unique security requirements of cloud environments. New cloud technologies such as PaaS, IaC, Kubernetes and cloud identities present new risks that on-premise security tools cannot protect against. Complicating the matter even further is the dynamic nature of cloud environments. Applications and workloads frequency scale up and down, some for just a few hours at a time.
You can’t protect what you can’t seeThe entire cloud stack – including infrastructure, workloads, identities and data – needs to be protected. Without visibility into the entire stack, agencies are left with gaps in visibility and are unable to proactively identify weak points and exposures throughout their environment. Continuous delivery, cloud sprawl, excess permissions and complex cloud native architectures all play a part and impact an agency's ability to manage and visualize cloud inventories. This limited visibility can result in serious consequences, such as blind spots in monitoring and detection, which prevent agencies from assessing and prioritizing risk.
Securing identities the cloudAs agencies accelerate Zero Trust initiatives, securing identities is of paramount importance. With the increasing use of multi-cloud environments, agencies face the challenge of managing identities across all of their cloud platforms while ensuring secure, resilient and continuous access to cloud-based resources. At any given time, a cloud environment useshundreds of policies and configurations, coupled with tens of thousands of service identities, and human identities, all with privileges to resources. Just one excessive permission is enough for an attacker to take over the entire environment and move laterally or escalate privileges in an attempt to access sensitive data and other resources. Identity is the perimeter in the cloud and due to its far-reaching impact, identity and entitlement security should be a foundational component for securing federal cloud infrastructure.
Security tooling overloadThe entire cloud stack needs to be protected – this includes hybrid and multi-cloud infrastructures, workloads, identities and data to name a few. Implementing disparate tools to secure each layer becomes overly complex and impractical, but it also increases the cost associated with procuring, deploying and managing disparate solutions. Agencies can pursue consolidation to achieve cost efficiencies through reduction of IT spend and to improve overall cyber security risk posture.
Lack of cloud security expertiseIt is hard to find people who are trained in new cloud technologies, and who understand their weaknesses, and know how to defend against attackers. This challenge is exacerbated by new types of cloud services that are released at a very fast rate. In a recent survey by Tenable, 95% of respondents were affected by a lack of expertise in cloud infrastructure protection. And yet, topping organizations’ security priorities over the next twelve months are the implementation of Zero Trust and detecting and remediating cloud misconfigurations. These findings underscore the need for automation and intuitive tools to bridge the expertise gap and expedite productivity for teams.
Protecting federal cloud infrastructure with TenableSo how do federal agencies move past cloud complexity to discover, assess and expose cloud vulnerabilities? Tenable has the answer. Tenable Cloud Security has just received FedRAMP “In Process” status at the moderate impact level on the FedRAMP Marketplace and is eagerly awaiting authorized status for US federal agency use.This is the second step of the three-step process for FedRAMP authorization. We announced in December that we achieved the initial “Ready” designation in the program. This latest phase is a major milestone, delivering on our commitment to strengthen government infrastructures through the use of safe and secure modern cloud technologies. As agencies modernize their platform and advance their cloud-first strategy, they are able to take advantage of our Cloud Native Application Protection Platform (CNAPP) to consolidate and simplify their cloud security.
With Tenable Cloud Security, federal agencies are able to:
- Get an actionable solution to cloud risk, rapidly exposing and closing priority security gaps caused by cloud misconfigurations, risky entitlements for users and services, vulnerabilities and overly-permissive access to confidential data.
- Leverage guided remediation workflows to take action on the most critical risks and strengthen Zero Trust initiatives.
- Streamline compliance and audits with 1-click reporting and intuitive dashboards built to share with various stakeholders.
- Automate threat detection with continuous behavioral analysis and anomaly detection based on built-in and custom policies.
In addition to Tenable Cloud Security, Tenable has achieved FedRAMP authorization at the moderate impact level for Tenable Vulnerability Management and Tenable Web App Scanning.
For more information:
- Review the Tenable CS FedRAMP Marketplace Listing
- Visit the Tenable Cloud Security webpage
G.O.S.S.I.P 阅读推荐 2024-07-31 开发一个链接器
Data Breaches for the Month July 2024
Every month, we witness a significant rise in data breaches. Over the past six months, India has experienced a surge in cyber-attacks, with 388 data breaches, 107 data leaks, and...
The post Data Breaches for the Month July 2024 appeared first on Strobes Security.
The post Data Breaches for the Month July 2024 appeared first on Security Boulevard.