The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.
As we get ready to wish the term SASE a happy 4th birthday, it seems odd that there is still a great deal of confusion in the market about what SASE really is and how it relates to a ‘Zero Trust’ architecture. For many, SASE is a framework for secure network design; for others, it’s seen more as an architectural approach to delivering Zero Trust. So why do we have this confusion when Gartner defined SASE back in 2019?
A common mistake IT organizations make, is having a well-designed Public Key Infrastructure (PKI), but at the same time having client devices, such as monitoring agents for your Citrix NetScalers, which accept to set up any encrypted connection, to any device, no matter what certificate they are presenting. In this case, you basically allow connections to be made to devices you do not know whether they can be trusted. This makes you vulnerable for 'spoofing'.
Cloud computing and the use of cloud native architectures enable unparalleled performance, flexibility, and velocity. The speed of innovation has driven significant advancements across industries, but as digitalization continues pushing applications and services to the cloud, bad actors’ intrusion techniques have also become more sophisticated.
Without an active SSL certificate, user contact with the website is no longer secured, making it possible for any malicious entity to access private user information. Users are unlikely to return to the website after viewing a security notice, though. The simplest way to monitor the expiration of your site certificates is to use an efficient, automatic SSL certificate expiry monitoring solution.
In some respects, security and reliability are competing priorities. Security controls may reduce reliability, and responding to security incidents may require mission-critical systems to be paused or shut down until they're secure. The recent security incident involving CircleCI, however, shows that it's not always necessary to choose between prioritizing security or reliability.
When people think of home security they usually think of an alarm system with a keypad next to the door. These days, however, home security should have two meanings. I’m here to talk about the second: cybersecurity. In other words, security in the smart home.
Yesterday, CircleCI, a Continuous Integration/Continuous Delivery (CI/CD) service, notified the world it had been breached via a critical advisory from its CTO. As a major software delivery pipeline service, CircleCI users store myriad credentials for various services in CircleCI’s “Secrets Store” infrastructure.
It is no surprise that cybercriminals are after the money, and banks have plenty lying around. They also have gobs of data, making banks irresistible to hackers who have a field day attacking complex banking IT systems flush with more connections than a movie agent. Here are a few recent facts to know.
