This post discusses the following event - “On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. "

FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. FireEye analyzed a Microsoft Word document where attackers used the arbitrary code injection to download and execute a Visual Basic script that contained PowerShell commands. FireEye shared the details of the vulnerability with Microsoft and has been coordinating public disclosure timed with the release of a patch to address the vulnerability and security guidance, which can be found here.

The DarkHotel attack Inexsmar from 2016 has striking similarities to attacks from as early as 2011. Inexsmar is also focusing on political targets rather than the group’s normal choice of senior corporate officials, corporate research, and development personnel.

“The use of machines is driving unprecedented improvements in business efficiency, productivity, agility and speed. With businesses increasing their reliance on machines, the number of machines on enterprise networks is growing exponentially. To communicate securely, each machine needs a unique identity to authenticate and secure communications. However, organizations’ abilities to create, manage and protect these machine identities is simply not keeping up with the pace of their evolution. "

This e-book seeks to help you understand all of the many details necessary for succesful network management.

This paper seeks to help organizations understand that Microsoft Azure (Azure) has a lot more to offer than cost savings. Enterprises with the highest levels of cloud adoption, typically, not only completely re-architect their applications, but also take advantage of automation to streamline the entire development and deployment process. They adopt DevOps pipelines and use CI/CD (continuous integration and continuous delivery) tools with the objective of nimbly meeting customer and business needs.

This eBook gives a detailed breakdown of the current state of the Kubernetes Ecosystem.

A survey-based report of over 700 individuals. The survey and resulting analysis was perfomed by CyberEdge.

This report asks the question, “The US Government is beginning the migration to cloud services with FedRAMP providers and other dedicated resources – what’s the best approach for your agency?”

This is the 2nd ebook from The New Stack’s series focused on the Kubernetes ecosystem. Unlike the 1st ebook that centered on the state of the Kubernetes ecosystem, this ebook shines a light on answering the question: How well does Kubernetes work in production?

As businesses continue to adopt both infrastructure-as-a-service (iaaS) and platform -as-a-service (PaaS) cloud platforms, S&r pros struggle to protect their organization’s valuable data while minimizing the threat surface of cloud and hybrid cloud workloads. Cloud workload security (CWS) solutions provide automated and layered controls to secure configurations, network, applications, and storage of hybrid cloud hypervisors and workloads. this report provides S&r pros with an overview of the CWS vendor landscape, critical selection criteria, and key vendor differentiation.

This report gives a clever way to understand Cloud security topologies. It breaks all of the concepts down into a simple continuum.

From The Report, “This article is third in a five-part series developed by Dr. Edward Amoroso in conjunction with the mobile security team from Blue Cedar. The article provides an overview of various mobile app security methods including per-app VPN, containers, and micro-segmentation.”

The purpose of this paper is to help CIOs and their boardroom colleagues find the right approach to building a digital infrastructure to achieve the right outcomes for their business.

This paper was written for one purpose: To serve as a useful guide for Chief Information Security Officer (CISO) teams.

From the report, “We are now seeing the first incarnations of 5G technology. It provides many capabilities that make it a preferred platform for the digitalized world. Solid security is one of the strengths of 4G networks and the same is expected from 5G. This cannot, however, be achieved just by adapting 4G security features to 5G system because the 5G service palette is more than just an extension from that of 4G. Completely new security functionalities and services are needed in addition to enhanced versions of 4G security features.”

This ebook lays out several examples of how to effectively secure your cloud workloads.

This is an e-Book that provides 10 ways to pick the right datacloud center.

Security is a key consideration and challenge both for hybrid cloud/multicloud adoption and in taking advantage of the IoT. This Paper takes a look at the details of that consideration.

This is the fourth megatrends study. For this latest version, they have carried forward a number of ongoing questions and threads that are designed to track how the network management landscape is changing over time. They’ve also included many new questions and queries intended to help us characterize and quantify the very latest technology trends. In particular, new questions were added in this report to begin assessing whether hybrid clouds, advanced analytics, and/or the Internet of Things were having an impact on network management tools and practices.

This study explores the pressures cloud migration place on 1,051 IT security professionals from large enterprises with 1,000+ PCs and data centers, based in the US, the UK, France, Italy, Sweden, Denmark, and Germany.