David Strom


Latest from David Strom

New research highlights difficulty of preventing Outlook security exploits

Haifei Li, a principal vulnerability researcher at Check Point Software Technologies Ltd., examines the universe of Microsoft Outlook exploits in a new blog post this week that has lessons for users and security managers alike. Li divides this collection into three parts: embedded malicious hyperlinks, malware-laced attachments and more specialized attack vectors. Li has investigated many ...

One person’s quest to fix Ukraine’s electric power grid

A post this week on Cisco Talos’ blog literally shows the power of one person’s grit and determination. Joe Marshall, a cyberthreat researcher at Cisco Systems Inc.’s threat intelligence research team, was seeing what was happening in Ukraine, where Russian attacks on its electric grid had left millions of its citizens without power last winter. ...

New Citrix Bleed ransomware threat hits many credit unions

Ransomware groups are leveraging new attacks using the Citrix Bleed vulnerability. Late last week saw more than 60 credit unions’ operations disrupted, thanks to a common technology services provider’s unpatched Netscaler servers. Representatives from the National Credit Union Administration confirmed the outage happened in a post for The Register over the weekend. The provider is ...

Wiz acquires Raftt to increase its cloud security capabilities

Security firm Wiz Inc. announced today its first corporate acquisition, a fellow Israeli cybersecurity firm Raftt. Raftt has been operating for three years and had raised $5 million from a variety of private and public venture capital firms, including Adi Sharabani, founder of Skycure Ltd. and currently at Snyk Ltd., and Ariel Asraf, chief executive ...

New iOS and iPad zero-day vulnerabilities spur yet another update

Apple announced Thursday that owners of its mobile devices will require yet another operating system update. The latest versions are iOS and iPadOS version 17.1.2. Owners of at least iPhone XS and various iPads going back to first and second generations – especially those running older OS versions — should update immediately. The issue has ...

Sporting-related businesses suffer from immature cybersecurity practice, according to a new report

The business of sports, from the teams to the fans and regulators, is one of the last bastions of poor cybersecurity hygiene, according to a report released today by NCC Group. Entitled “The Hidden Opponent: Cyber Threats in Sport,” it describes a series of technology failures, a dearth of funding, the lack of cybersecurity leadership, exposure ...

Proton adds new Sentinel protective feature to its password manager

Proton AG, the Swiss security firm notable for its end-to-end encrypted email offering, today announced an enhancement to its Pass password manager software called Sentinel. The feature prevents attackers from getting access to users’ data even if they have stolen Proton account credentials. The company claims this is a unique feature, and that’s likely a ...
ANALYSIS

Amazon expands its palm-reading One services for enterprise identity management

Amazon Web Services Inc. Monday announced an expansion of its palm-reading technology called One for enterprise identity management purposes. The service, announced at the AWS re:Invent conference in Las Vegas, is now available for preview in the U.S. only. The enterprise version is based on the existing One technology that has been deployed in hundreds of ...

Cross-government cybersecurity best practices announced for safer AI development

The U.K.’s National Cyber Security Center along with several dozen governments’ cyber agencies and AI vendors yesterday jointly released their Guidelines for Secure AI System Development. The guidelines are broken down into four key areas within the AI system development lifecycle: secure design, secure development, secure deployment, and secure operation and maintenance. These cover the waterfront, including ...

Cloud security continues to give IT managers headaches. Here’s why

Cloud security continues to vex corporate information technology managers, and new research indicates that the problems are both widespread and not easily fixable, thanks to a number of weak areas. In many cases, the procedures to secure cloud workloads has been well-known for years but aren’t always applied consistently or reliably. Some old chestnuts, such ...