David Strom – SiliconANGLE

The changing economics of open-source software

David Strom — Sun, 31 Dec 2023 20:53:31 +0000

The world of open-source software is about to go through another tectonic change. But unlike earlier changes brought about by corporate acquisitions, this time it’s thanks to the growing series of tech layoffs. These could lead to many projects being crippled because their principals are now unemployed or will get new jobs in less open-favorable […]

The post The changing economics of open-source software appeared first on SiliconANGLE.

Here are the major security threats and trends for 2024 – and how to deal with them

David Strom — Thu, 28 Dec 2023 16:21:03 +0000

What a year 2023 was for cybersecurity! It was a year the world became obsessed with generative artificial intelligence — and a year that brought new breaches with old exploits, a year that brought significant consolidation in the security tools marketplace, and a year when passkeys finally took hold, at least for consumers. Are businesses […]

The post Here are the major security threats and trends for 2024 – and how to deal with them appeared first on SiliconANGLE.

Akamai finds new Outlook exploits that leverage sound file attachments

David Strom — Mon, 18 Dec 2023 15:08:08 +0000

Akamai Technologies Inc. researcher Ben Barnea has found two vulnerabilities in Windows Outlook clients that could cause remote code execution by attackers sending specially crafted sound file attachments. Both build on previous exploits that have been previously discovered and only partially remediated by Microsoft Corp. in March, August and October. Barnea posted two blog posts […]

The post Akamai finds new Outlook exploits that leverage sound file attachments appeared first on SiliconANGLE.

How the maturing ‘infrastructure-as-code’ market has changed the path of software development

David Strom — Tue, 12 Dec 2023 21:48:57 +0000

Infrastructure as code, the practice of managing and provisioning cloud infrastructure through software code rather than manually, may be the darling of many analysts, as the IaC market is projected to reach more than $2 billion in 2027. But it’s going through some growing pains as it matures. A recent analysis by Jason Turim on […]

The post How the maturing ‘infrastructure-as-code’ market has changed the path of software development appeared first on SiliconANGLE.

Ukraine’s largest telecom carrier hit with cyberattack of presumed Russian origin

David Strom — Tue, 12 Dec 2023 16:53:51 +0000

Updated below: The largest telecom provider in Ukraine today was hit with a crippling cyberattack, presumably from a Russian source, that left millions of people without cell and internet services. Kyivstar, which has 24 million subscribers, reported via its Facebook page that it got hit by a powerful cyberattack that led to a “large-scale technical failure,” according to […]

The post Ukraine’s largest telecom carrier hit with cyberattack of presumed Russian origin appeared first on SiliconANGLE.

Cloudflare reveals growth in internet traffic report and outages

David Strom — Tue, 12 Dec 2023 14:05:26 +0000

As massive as it already is, global internet traffic grew by 25% from last year, with Google the most popular general service provider and OpenAI the most popular generative AI provider, Cloudflare Inc. revealed today in its annual review of global internet traffic and trends based on its Radar telemetry. Starlink made high-performance internet available in […]

The post Cloudflare reveals growth in internet traffic report and outages appeared first on SiliconANGLE.

Data breaches reach all-time high, according to a new report from MIT

David Strom — Mon, 11 Dec 2023 17:33:21 +0000

Threats and data breaches are increasing at an alarming rate across the board, according to a new study commissioned by Apple Inc. Breaches are at an all-time high, ransomware is on the rise and more dangerous than ever, and third-party and supply chain exploits are also getting more targeted, more effective and more pervasive, according to […]

The post Data breaches reach all-time high, according to a new report from MIT appeared first on SiliconANGLE.

North Korean hackers Lazarus Group takes new Telegram tactics

David Strom — Mon, 11 Dec 2023 13:08:36 +0000

Cisco Systems Inc.’s Talos Intelligence unit posted today new findings about the North Korean hacking group called Lazarus that outline new ways it’s targeting attacks. “We have observed Lazarus target companies in the manufacturing, agricultural and physical security sectors,” their analysts wrote in the post. The group has been around since 2010 and was responsible […]

The post North Korean hackers Lazarus Group takes new Telegram tactics appeared first on SiliconANGLE.

Akamai discovers Active Directory DNS spoofing exploit

David Strom — Thu, 07 Dec 2023 19:42:18 +0000

The combination of Domain Name System, Active Directory and the Dynamic Host Configuration Protocol is a potential cybersecurity threat, Akamai Technologies Inc. security researcher Ori David warned in a blog post today. The trouble has to do with the way Microsoft Corp. has assembled DHCP DNS Dynamic Updates. DHCP is a very useful protocol: It […]

The post Akamai discovers Active Directory DNS spoofing exploit appeared first on SiliconANGLE.

UK reveals years-long Russian cyber-espionage activities

David Strom — Thu, 07 Dec 2023 17:54:02 +0000

This probably comes as no surprise to anyone, but Britain’s Foreign Office revealed on Thursday that it has found long-term evidence of cyber-espionage targeting a variety of politicians, public officials and journalists by the FSB, Russia’s main security agency. The activities were tracked back to 2015 to the present by a group called Star Blizzard […]

The post UK reveals years-long Russian cyber-espionage activities appeared first on SiliconANGLE.

New research highlights difficulty of preventing Outlook security exploits

David Strom — Wed, 06 Dec 2023 21:05:24 +0000

Haifei Li, a principal vulnerability researcher at Check Point Software Technologies Ltd., examines the universe of Microsoft Outlook exploits in a new blog post this week that has lessons for users and security managers alike. Li divides this collection into three parts: embedded malicious hyperlinks, malware-laced attachments and more specialized attack vectors. Li has investigated many […]

The post New research highlights difficulty of preventing Outlook security exploits appeared first on SiliconANGLE.

One person’s quest to fix Ukraine’s electric power grid

David Strom — Wed, 06 Dec 2023 19:07:41 +0000

A post this week on Cisco Talos’ blog literally shows the power of one person’s grit and determination. Joe Marshall, a cyberthreat researcher at Cisco Systems Inc.’s threat intelligence research team, was seeing what was happening in Ukraine, where Russian attacks on its electric grid had left millions of its citizens without power last winter. […]

The post One person’s quest to fix Ukraine’s electric power grid appeared first on SiliconANGLE.

New Citrix Bleed ransomware threat hits many credit unions

David Strom — Mon, 04 Dec 2023 19:02:50 +0000

Ransomware groups are leveraging new attacks using the Citrix Bleed vulnerability. Late last week saw more than 60 credit unions’ operations disrupted, thanks to a common technology services provider’s unpatched Netscaler servers. Representatives from the National Credit Union Administration confirmed the outage happened in a post for The Register over the weekend. The provider is […]

The post New Citrix Bleed ransomware threat hits many credit unions appeared first on SiliconANGLE.

Wiz acquires Raftt to increase its cloud security capabilities

David Strom — Mon, 04 Dec 2023 16:35:03 +0000

Security firm Wiz Inc. announced today its first corporate acquisition, a fellow Israeli cybersecurity firm Raftt. Raftt has been operating for three years and had raised $5 million from a variety of private and public venture capital firms, including Adi Sharabani, founder of Skycure Ltd. and currently at Snyk Ltd., and Ariel Asraf, chief executive […]

The post Wiz acquires Raftt to increase its cloud security capabilities appeared first on SiliconANGLE.

New iOS and iPad zero-day vulnerabilities spur yet another update

David Strom — Fri, 01 Dec 2023 17:38:44 +0000

Apple announced Thursday that owners of its mobile devices will require yet another operating system update. The latest versions are iOS and iPadOS version 17.1.2. Owners of at least iPhone XS and various iPads going back to first and second generations – especially those running older OS versions — should update immediately. The issue has […]

The post New iOS and iPad zero-day vulnerabilities spur yet another update appeared first on SiliconANGLE.

Sporting-related businesses suffer from immature cybersecurity practice, according to a new report

David Strom — Fri, 01 Dec 2023 08:06:45 +0000

The business of sports, from the teams to the fans and regulators, is one of the last bastions of poor cybersecurity hygiene, according to a report released today by NCC Group. Entitled “The Hidden Opponent: Cyber Threats in Sport,” it describes a series of technology failures, a dearth of funding, the lack of cybersecurity leadership, exposure […]

The post Sporting-related businesses suffer from immature cybersecurity practice, according to a new report appeared first on SiliconANGLE.

Proton adds new Sentinel protective feature to its password manager

David Strom — Thu, 30 Nov 2023 11:01:03 +0000

Proton AG, the Swiss security firm notable for its end-to-end encrypted email offering, today announced an enhancement to its Pass password manager software called Sentinel. The feature prevents attackers from getting access to users’ data even if they have stolen Proton account credentials. The company claims this is a unique feature, and that’s likely a […]

The post Proton adds new Sentinel protective feature to its password manager appeared first on SiliconANGLE.

Amazon expands its palm-reading One services for enterprise identity management

David Strom — Tue, 28 Nov 2023 17:45:01 +0000

Amazon Web Services Inc. Monday announced an expansion of its palm-reading technology called One for enterprise identity management purposes. The service, announced at the AWS re:Invent conference in Las Vegas, is now available for preview in the U.S. only. The enterprise version is based on the existing One technology that has been deployed in hundreds of […]

The post Amazon expands its palm-reading One services for enterprise identity management appeared first on SiliconANGLE.

Cross-government cybersecurity best practices announced for safer AI development

David Strom — Mon, 27 Nov 2023 19:53:49 +0000

The U.K.’s National Cyber Security Center along with several dozen governments’ cyber agencies and AI vendors yesterday jointly released their Guidelines for Secure AI System Development. The guidelines are broken down into four key areas within the AI system development lifecycle: secure design, secure development, secure deployment, and secure operation and maintenance. These cover the waterfront, including […]

The post Cross-government cybersecurity best practices announced for safer AI development appeared first on SiliconANGLE.

Cloud security continues to give IT managers headaches. Here’s why

David Strom — Thu, 23 Nov 2023 18:38:43 +0000

Cloud security continues to vex corporate information technology managers, and new research indicates that the problems are both widespread and not easily fixable, thanks to a number of weak areas. In many cases, the procedures to secure cloud workloads has been well-known for years but aren’t always applied consistently or reliably. Some old chestnuts, such […]

The post Cloud security continues to give IT managers headaches. Here’s why appeared first on SiliconANGLE.

LockBit malware group still at large, now using Citrix Bleed tactics

David Strom — Wed, 22 Nov 2023 15:59:07 +0000

The malware group behind the LockBit ransomware attacks has gotten even more sophisticated. Australian cybersecurity officials, the FBI and the Cybersecurity and Infrastructure Security Agency on Tuesday jointly released a security advisory on how the group is exploiting the CitrixBleed vulnerability. The group isn’t the only one using this issue, which compromises various Citrix load balancing and […]

The post LockBit malware group still at large, now using Citrix Bleed tactics appeared first on SiliconANGLE.

Phobos ransomware group steps up its game

David Strom — Mon, 20 Nov 2023 16:44:11 +0000

The 8Base ransomware group, the criminals behind the Phobos malware, continue to advance its tactics and is branching out into selling ransomware-as-a-service, according to a new report Friday from Cisco Talos Intelligence. In June, SiliconANGLE wrote about the group’s summer exploits from a VMware Inc. report. Phobos-based attacks have been observed since 2018 and it […]

The post Phobos ransomware group steps up its game appeared first on SiliconANGLE.

Ransomware attacks now come with SEC breach complaints

David Strom — Thu, 16 Nov 2023 16:28:49 +0000

In what could be called the ultimate hubris, the ALPHV/BlackCat ransomware group this week filed a U.S. Securities and Exchange Commission complaint. It’s certainly a unique way to increase the trouble generated by one of its attacks. The complaint, which is described in detail in yesterday’s post on Bleeping Computer by Ionut Ilascu, charges one […]

The post Ransomware attacks now come with SEC breach complaints appeared first on SiliconANGLE.

Wiz adds AI security to its cloud protection line

David Strom — Thu, 16 Nov 2023 15:01:32 +0000

Wiz Inc. today announced new artificial intelligence-related extensions to the modules in its cloud-native application protection platform line of products. CNAPP tools combine a variety of defensive mechanisms to protect access controls, secure source code pipelines, harden authentication and encryption tasks, and remediate threats. The company points out the problem with what it calls “shadow AI,” […]

The post Wiz adds AI security to its cloud protection line appeared first on SiliconANGLE.

Broad collection of security products announced at Microsoft Ignite

David Strom — Wed, 15 Nov 2023 16:03:42 +0000

Microsoft today announced a raft of security features that include substantive enhancements to its existing products and services at its Ignite conference in Seattle and online. The news integrates more than 50 different feature sets into six general product lines, offering both completely new products as well as enhancements to existing ones, as shown below. […]

The post Broad collection of security products announced at Microsoft Ignite appeared first on SiliconANGLE.

SecureAuth’s Arculix gets new identity orchestration features

David Strom — Wed, 15 Nov 2023 12:14:49 +0000

SecureAuth Corp. today announced a major upgrade to its identity management software Arculix, with new features that include improvements to its authentication orchestration and integrations to Citrix and Microsoft’s Entra identity products to enable more automated authentication processes. Orchestration is no small feature enhancement. It’s the heart and soul of identity management. Setting up the […]

The post SecureAuth’s Arculix gets new identity orchestration features appeared first on SiliconANGLE.

Palo Alto Networks adds new AI-related security features to its Cortex line

David Strom — Mon, 13 Nov 2023 15:37:47 +0000

Palo Alto Networks Inc. today added new artificial intelligence-related security features to its Cortex security automation and intelligence product line — the key word being “automation,” especially when it comes to finding and stopping threats and exploits. The average time to discover and contain an incident takes five and a half days, according to the company. […]

The post Palo Alto Networks adds new AI-related security features to its Cortex line appeared first on SiliconANGLE.

New spam exploit vector abuses Google Forms’ quizzes

David Strom — Fri, 10 Nov 2023 14:56:33 +0000

Yet another way for spammers to worm their way into systems was uncovered Thursday by the researchers at Cisco Systems Inc.’ Talos Intelligence blog. This time, it’s an exploit that involves abusing the quiz results feature of Google Forms. It is both clever and dastardly — clever, because the exploit is subtle and complicated. It […]

The post New spam exploit vector abuses Google Forms’ quizzes appeared first on SiliconANGLE.

Kubernetes security remains a big challenge for enterprise developers

David Strom — Fri, 10 Nov 2023 13:50:09 +0000

As enterprise software containers become ever more critical to running applications easily across clouds, securing them has become a mounting problem. And as more workloads move onto these containers, using the container cluster management software Kubernetes, they require better tools, more specialized knowledge of their potential exploits, and more automated techniques that are still being […]

The post Kubernetes security remains a big challenge for enterprise developers appeared first on SiliconANGLE.

Application interfaces become more popular for authorization security exploits

David Strom — Tue, 07 Nov 2023 13:05:56 +0000

Application programming interfaces are critical to provide levels of system access permissions for particular groups of users, but they also present a big problem: Authorization using APIs provides a convenient backdoor for potential attacks, not to mention that APIs can become brittle and consume hours to debug and fix. That’s why API authorization is getting a […]

The post Application interfaces become more popular for authorization security exploits appeared first on SiliconANGLE.