Data protection principles are the same whether your data sits in a traditional on-premises data center or a cloud environment. However, the way you apply those principles is quite different when it comes to cloud security vs. traditional security. Moving data to the cloud – whether it's a public cloud like AWS, a private cloud or hybrid cloud — introduces new attack surfaces, threats and challenges, so you need to approach security in a new way.

In today's fast-paced business environment, the ever-evolving landscape of technology empowers employees with unprecedented flexibility and agility. While this fosters innovation and productivity, it also presents a lurking challenge—Shadow IT. This term encapsulates the use of unauthorized software, applications, or devices within an organization, posing substantial cybersecurity risks and operational hurdles.

The stark reality of cybersecurity today isn’t merely a question of advanced software or strategic counterattacks. It’s about people. The financial impact is undeniable with cybercrime costs projected to reach an astonishing $10.5 trillion annually by 2025. Yet, beneath these figures lies a more pressing issue: the exploitation of human psychology.

Read also: Sanctions used for the first time for a Russian cybercriminal, Trickbot member gets a 5-year prison sentence, and more.

In the ever-evolving cybersecurity landscape, 2023 witnessed a dramatic surge in the sophistication of cyber threats and malware. AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year's events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques.

If you’re using GKE (Google Kubernetes Engine), you should be extremely cautious when adding roles to the system:authenticated group because anyone with a Gmail account can access your cluster.

Nightfall is starting off the new year strong with several exciting updates, including a smoother Google Drive remediation workflow, an automatic annotations feature, and all-new policy pages for Atlassian and Google Drive. Read on to learn more about what we’ve been up to this month.

An authentication bypass vulnerability, tracked as CVE-2024-0204, was discovered in Fortra's GoAnywhere MFT versions prior to 7.4.1 and allows an unauthorized user to create an admin user via the administration portal. This vulnerability has a CVSS score of 9.8 with a high potential for exploitation, which we expect to see in the short term due to a proof of concept (PoC) being available. Fortra informed customers on December 4, 2023, of the flaw via an internal forum post.

First Financial Security, Inc. (FFS) is a nationwide insurance brokerage agency that assists insurance representatives in training, equipment, and licensing. They offer clients solutions for sustaining retirement funds and financial protection against untimely death, illness, and injury. They partner with other nationally recognized brokers, including Gerber Life Insurance and National Life Group. In October 2023, FFS faced a ransomware cyberattack; months later, the outcome was bittersweet.

In this episode of Trust Issues, CyberArk’s resident Technical Evangelist, White Hat Hacker and Transhuman Len Noe joins host David Puner for a discussion about the emerging threat of AI kiddies, a term that describes novice attackers using large language models (LLMs) and chatbots to launch cyberattacks without any coding skills.