SiliconANGLE: Managing supercloud authentication remains tricky – with no easy solution in sight

Posted on by
Reply
Authenticating people and apps in the cloud stretch SSO tools to the breaking point, not helped by sloppy access controls, continuous auth and rising MFA bypass hacks — read my analysis for SiliconANGLE here. The issues stemming from poorly provisioned containers, inconsistent access rights and over-privileged users will remain for the near future — all the more so as clouds become more pervasive and more complex.

Book review: Blind Fear

Posted on by
Reply

Blind Fear: A Thriller (The Finn Thrillers Book 3) by [Brandon Webb, John David Mann]This is the third in the series of “fear” books featuring ex-Navy SEAL Finn in another escapade, this time in Puerto Rico in the process of saving two children who get caught up in a series of unfortunate events. Finn is trying to find the kids, who have been abducted on a snorkel trip. Meanwhile, two federales are searching for Finn and land on the island and start tracking him down. The characters, as with the previous two novels, are well drawn, the situations ultra realistic, the conflicts seemingly vexing. You don’t have to read the other books to get involved here, and if you are fans of Lee Child’s Reacher or Brad Thor’s books you will find this novel enjoyable and the pace the usual madcap and mayhem.

SiliconANGLE: US-EU data privacy framework approved but still could be inadequate

Posted on by
Reply

The E.U.-U.S. Data Privacy Framework was adopted today by the European Union. This follows their adoption by the U.S. Department of Commerce last week. The action also creates a new U.S.-based judicial body, called the Data Protection Review Court, which will review cases about EU privacy rights that fall under the framework’s jurisdiction. Some privacy analysts feel this isn’t enough protection, as I describe in my story for SiliconANGLE today.

SiliconANGLE: State data privacy laws are changing fast – here’s what businesses need to know

Posted on by
Reply

With no federal data privacy law on the books, states are doubling down on new laws governing the protection of people’s data.

In the past year, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas have all enacted such laws, more than doubling the number states had them previously — those being California, Colorado, Connecticut, Utah and Virginia.

Although that represents progress, it’s also a challenge for companies doing business nationally to keep track of the subtle differences among the various laws. My analysis for SiliconANGLE here.

SiliconANGLE: How AI and large language models can help cybersecurity firms improve their services

Posted on by
Reply

Just about every cybersecurity provider has an artificial intelligence-related story to tell these days. Many of them are first iteration AI-enhanced tools and are just like anything else AI-related: enhancements. Some vendors like Nvidia have taken AI to the extreme, as this diagram shows.

My review of the tools and what they portend for our secure future here on SiliconANGLE today.

 

SiliconANGLE: Apps under attack: New federal report suggests ways to improve software code pipeline security

Posted on by
Reply

The National Security Agency and the Cybersecurity and Infrastructure Security Agency late last month issued an advisory memo to help improve defenses in application development software supply chains — and there’s a lot of room for improvement.

Called Defending Continuous Integration/Continuous Delivery (CI/CD) Pipelines, the joint memo describes the various deployment risks and ways attackers can leverage these pipelines. I describe their recommendations and the issues with defending these pipelines in my latest blog for SiliconANGLE.

SiliconANGLE: The WeChat app is anything but private

Posted on by
Reply

What if we had an app on our phones that combined the functions of Facebook Messenger, Venmo payments, MyPatientChart health records and WhatsApp for making voice calls, and also allowed us to download all sorts of mobile apps and games like Apple Inc.’s App Store?

Furthermore, what if such an app had absolutely no privacy controls, so the federal government could monitor, censor and track users, conversations and all activities?

Well, such an app exists. It’s called WeChat and it has 1.2 billion monthly active users. But it is a threat to our privacy, and I explain why in this post for SiliconANGLE.

 

SiliconANGLE: Will passkeys finally come to pass? A progress report

Posted on by
Reply

We’re finally inching closer to curing our addiction to passwords.

This week the FIDO Alliance put together an online event and posted a series of white papers to try to help businesses that want to move forward with passkeys — digital credentials that don’t require usernames and passwords — to host their first 12-step programs for ridding themselves of the scourge that results in huge holes in cloud cybersecurity protection.

“Passkeys are a superior password replacement,” said Tom Sheffield, senior director of cybersecurity for Target Corp. “And you shouldn’t wait to implement them in your business.” Read more of my analysis for SiliconANGLE here.

 

SiliconANGLE: Polymorphic malware and the rise of new ‘moving target’ defensive security

Posted on by
Reply

An old security technology that has gotten little attention is finally ready for a new closeup.

It goes by the name polymorphic code — or alternatively, automated moving target defense or AMTD — and it has been around for nearly a decade. It came into its own around 2017 when was popularized by both malware writers and defenders.

And once again, security professionals are playing another cat-and-mouse game, but this time the stakes are a lot higher thanks to better tools on both sides.

On the malware side, the term describes code that can adapt to conditions and change its behavior to try to avoid detection. It cuts across a wide swath of computing circumstances, including the ability to attack runtime memory, file systems, credentials, virtual machines, workloads, containers and network connections.

You can learn more about this technology and both its uses for good and evil in this post for SiliconANGLE.