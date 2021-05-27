Cancel
CreatorsPublishersAdvertisers
View more in
Computers

May ’21 Newsletter

By Sean Blanton
securityboulevard.com
 5 days ago

Welcome to JumpCloud’s May Newsletter. We tend to think that big, unexpected events will disrupt our projects. Instead, it’s the simple, everyday activities that derail us time and time again. When simple tasks like imposing multi-factor authentication, aiding in password resets, or simply viewing basic user details are streamlined, our...

securityboulevard.com
IN THIS ARTICLE
#Google Meet#Security Controls#Network Access#Aws#Slack Users#Health Apps#Google Apps#May Newsletter#Security Bloggers Network#Blog#Conditional Auth#Sso#Webinars#One Click Access#Directories#Basic User Details#Access Transactions#Password Resets#End Users#High Risk Apps
YOU MAY ALSO LIKE
News Break
Microsoft
News Break
Apple
News Break
Technology
News Break
Computers
News Break
Google
Related
Softwaregitconnected.com

VSCode-Your IP Address in a Glance

When you’re working in Visual Studio Code IDE, there comes a time when you require the IP Address on the machine your working on. It’s too much of a cumbersome job to open up the browser, depending upon your operating system; search the internet for the relevant commands that would display a long list of IP addresses and finally sort out the one that you require.
Computersthegaltimes.com

Cloud storage that encrypts your files so they’re safe

There was a time when the free triumphed on the internet. Being strict, this is still the case. But there are those who wonder to what extent it is worth using free services in exchange for their data, our data, being used to advertising campaigns or to sell us something. Cloud storage is a sector that offers free and paid space to save files. And it is increasingly common that, among their functions, they highlight the encryption of your files to keep them safe.
SoftwareInfoQ.com

Microsoft and Elastic Partner to Offer Elastic Stack on Azure

Microsoft and Elastic have recently announced Elastic on Azure, a preview service that offers managed Elastic, Logstash, and Kibana to search, analyze, and visualize data in real time on Azure. The new service is supported by Elastic and allows Azure customers to purchase an Elastic Cloud plan and consolidate billing...
Softwarecioapplications.com

Valuable Practices for API Security

The rise of APIs brings with it the possibility of more outstanding security flaws, necessitating a better understanding of the risk by developers to protect the company and consumer data. Fremont, CA: Enterprise developers increasingly depend on application programming interfaces (APIs) to facilitate the delivery of new goods and services....
Computerscioapplications.com

Datadog Announces Support for Application Monitoring with AWS App Runner

AWS App Runner is a purpose-built container application service that allows customers to create and run containerized web applications and APIs with no previous container or infrastructure experience. FREMONT, CA: Datadog, a monitoring and security platform for cloud applications, has declared support for application monitoring with AWS App Runner, joining...
Softwaresecurityboulevard.com

Microsoft Exchange Admin Portal Goes Down Due to an Expired SSL Certificate

On May 23, 2021, a Sunday, Microsoft Exchange administrators woke up to warning messages on their browsers as they tried to access the Microsoft Exchange Admin Portal. The portal was rendered inaccessible with the message “Your connection is not private,” caused by an outage that was later traced back to an expired SSL certificate. According to Qualys SSL Labs, the certificate associated with the Exchange Admin Portal expired at 8 AM ET on Sunday, which oddly escaped Microsoft’s attention radar.
Softwaresecurityboulevard.com

Gaining Insights Is Fundamental for API Security

As enterprises continue their digital transformation journey in this Post-COVID era, applications are the engine that drives their business growth. Whether it’s a digital-first enterprise or one that is accelerating its digital transformation initiatives, APIs are not only opening up systems so that applications can run faster, but also the de facto core of today’s modern application development styles – like microservices, Docker, and Kubernetes. The next time you are watching Netflix, or listening to Spotify on your smartphone, remember it’s a guarantee that there is an API behind your point-and-click request to get more information about the artist. Likewise, Google’s 2021 State of API Economy Research reported that 58% of global enterprise IT decision-makers said APIs are speeding new app development. Meanwhile, cyberattackers have already pivoted and focused their malicious activities on this promising environment.
Technologysiliconangle.com

New ‘Epsilon Red’ ransomware is targeting unpatched Microsoft Exchange servers

A new form of ransomware dubbed “Epsilon Red” has been found in the wild targeting unpatched Microsoft Corp. Exchange servers. First detected by security researchers at Sophos plc and revealed Friday, the ransomware was found targeting a U.S.-based business in the hospitality industry. Delivered as the final executable payload in a hand-controlled attack, the ransomware demanded a payment of 4.29 bitcoin, valued at the time at about $210,000.
Computersgartner.com

SaaS Management Platforms: Promise, Perception and Practicality

At Gartner, I have been involved in defining and covering quite a few management platforms. Among these ‘management’ platforms, I see SaaS Management Platforms as the most misunderstood and having the greatest challenges in the years ahead. This essay is not about SMP functionality but more about the meta-challenges facing management of SaaS applications.
Softwaretherecord.media

PoC published for new Microsoft PatchGuard (KPP) bypass

A security researcher has discovered a bug in PatchGuard––a crucial Windows security feature––that can allow threat actors to load unsigned (malicious) code into the Windows operating system kernel. Discovered by Japanese researcher Kento Oki, the issue remains unfixed. In an email last week, Kento told The Record he did not...
Computersportswigger.net

Deadshot: Open source DevOps tool stops sensitive data from being uploaded to GitHub

Software code repositories could be harboring organizations’ credentials, secrets, and other sensitive data without developers’ knowledge – and this information could provide an invaluable resource for criminal hackers. This is according to security specialists at communications technology company Twilio, who have launched a free tool that warns developers when they...
Public Healthsecurityboulevard.com

Imperva’s WAF Gateway 14.4 Protects Enterprises for the Post-COVID Era

Whether it’s called the New Normal or Next Normal era, COVID-19 has impacted all businesses worldwide and accelerated their digital transformation initiatives during this new post-pandemic era. Whether it’s from a recent retail trend like omnichannel commerce or a newly defined, post-COVID practice like contactless transactions, businesses are definitely going digital. There was a period, here in the US, where restaurants and other food-related services were only doing their transactions online. It was reported by a leading online transaction vendor, “In a year of unprecedented changes and challenges, 2020 also posed some interesting opportunities for businesses to embrace digital payments. Many moved their business online for the first time, ushering in a new digital transformation.” To sustain their global business, many enterprises are looking to online commerce as a key enabler. As they focus on this, enterprises are also leveraging their investments in new protocols and faster networks from Wi-Fi6 and 5G to enhance customer experiences both online and mobile. Likewise, so have the cybercriminals, as they have increased their level of progressive attacks with advanced bots and other innovative threats. Verizon’s latest 2021 data breach report validated this by stating, ‘the pandemic has influenced cyber-criminal activity, with the focus shifting strongly toward work-at-home infrastructure. 39% of all data breaches in 2020 stemmed from web application compromise.’
Technologysecurityboulevard.com

4 Ways CISOs Can Strengthen Their Security Resilience

A new article in Dark Reading discusses the “4 Ways CISOs Can Strengthen Their Security Resilience.” The article caught my attention because one of the 4 areas was to “Secure Workloads and Kubernetes Environments.” I was surprised by the inclusion of this requirement not because it isn’t important, but because I assumed it would be just considered a given requirement in every organization today.
Softwarehelpnetsecurity.com

Best practices for securing the CPaaS technology stack

Like everything that’s connected to the cloud, Communications Platform-as-a-Service (CPaaS) solutions are vulnerable to hacking, which increased dramatically as workforces shifted to remote and hybrid models because of the pandemic. For this reason and others, such a platform must be built secure by design. This means taking the time necessary...
SoftwareVentureBeat

Microsoft Build touts Power Apps, Cosmos DB enhancements to develop code faster

At Microsoft’s Build conference this week, CEO Satya Nadella was focused on speed. “It’s all about that developer velocity,” he promised, as the company unveiled tools and services that would enable developers to turn ideas into software stacks faster. The annual event has something for both traditional developers and newer...
ComputersInfoworld

CTO Advisor: Comparison of VMware Cloud Options

The CTO Advisor team walks through key findings of their team’s VMware cloud research and testing. The cloud provider’s approach to hybrid infrastructure and application modernization. How the resource learning curve to deploy and manage each solution varies widely and is highly dependent on the operations team’s knowledge of the...
Softwarethegaltimes.com

Fortinet Integrates Secure SD-WAN into Google Cloud NCC | News | Safety

Fortinet integrates Secure SD-WAN into the Google Cloud NCC. Fortinet has announced the integration of its solution Secure SD-WAN in the Google Cloud Network Connectivity Center (NCC). With this operation, the company extends the benefits of its solution to Google Cloud NCC users to simplify and improve their connection through distributed sites, Google cloud workloads and applications.
SoftwareCIO

Move ISV Webinar: Secure your Applications in the Cloud

Join us to see what Oracle Cloud Infrastructure's security-first design could mean for your apps. OCI is architected with security-first design principles to protect workloads from attacks and effectively govern access rights. In addition to these robust security capabilities, OCI supports a broad set of compliance standards, enabling ISVs to confidently sell and deploy their applications to customers in regulated industries, including Healthcare, Financial Services and Government.