Amazon will require MFA on member accounts in AWS Organizations beginning in Spring 2025, the company announced Friday. Amazon’s latest announcement comes at the heels of other tech giants similarly announcing expansions of their MFA requirements. Last week, Google Cloud announced it would roll out MFA requirements for all users beginning this month until the […]

Palo Alto Networks confirmed Thursday that a critical zero-day vulnerability in its firewall management interfaces is under exploitation in the wild. The vulnerability, which the vendor tracks as PAN-SA-2024-0015, is an unauthenticated remote command execution vulnerability in PAN-OS firewall software that Palo Alto Networks assigned a 9.3 CVSS score. Word of a potential flaw came […]

Identity governance and administration (IGA) is the collection of processes and practices used to manage user digital identities and their access throughout the enterprise. IGA represents two areas: Identity governance addresses issues of organization, providing practitioners with network visibility, roles, attestation or proof, segregation of duties (SoD), reporting and analytics. Identity administration handles issues of […]

Infoblox warned that threat actors are increasingly exploiting misconfigured DNS name servers to hijack domains using a technique that’s difficult for victims to detect. The network security vendor published a new report Thursday titled “DNS Predators Attack: Vipers and Hawks Hijack Sitting Ducks.” The report expands on an attack vector dubbed “Sitting Ducks” that Infoblox […]

CISA and the FBI confirmed that Chinese nation-state actors have compromised telecommunications provider networks to spy on government and political leaders in what the agencies called a “broad and significant cyber espionage campaign.” The government agencies published a joint statement on Wednesday, which said the U.S. has been investigating the People’s Republic of China targeting […]

Data stored as objects can take many different forms and sizes, such as analytical data and video files, and volumes can run high — think petabytes. As a result, object storage security is essential to protect data from hackers, ransomware, and other cyberattacks and risks. The eight best practices for object storage security here include […]

Generative AI presents enterprises with higher cloud costs than traditional workloads, complicating multi-cloud security and networking, according to one industry CEO. Data gravity and the cost of GPU-based computing infrastructure that’s required for generative AI (GenAI) mean many enterprises are choosing to move AI apps to various locations, including back on-premises, according to Doug Merritt, […]

Attackers exploited significantly more zero-day vulnerabilities against victim organizations in 2023 compared to 2022, according to a new government advisory. CISA published a joint government advisory Tuesday that detailed the topmost exploited vulnerabilities of 2023. The advisory, co-authored by agencies in the U.K., Australia, Canada and New Zealand, warned of alarming trends that further underscored […]

For November Patch Tuesday, Microsoft admins must address two Windows zero-days quickly, but enterprises that use on-premises Exchange Server should prioritize patching that platform to resolve a spoofing vulnerability. This Patch Tuesday, Microsoft released fixes for 88 new vulnerabilities with four rated critical. Of the two zero-days, one was also publicly disclosed. In total, Microsoft […]