Eclypsium has released research that identifies and confirms unsigned firmware in WiFi adapters, USB hubs, trackpads and cameras used in Windows and Linux computer and server products from Lenovo, Dell, HP and other major manufacturers. Eclypsium also demonstrated a successful attack on a server via a network interface card with unsigned firmware used by each of the big three server manufacturers.

As most security pros know, application containers -- Docker, rkt, etc. -- and the orchestration elements employed to support them, such as Kubernetes, are used increasingly in many organizations. Often the security organization isn't exactly the first stop on the path to deployment of these tools. If it was in your shop, consider yourself one of the lucky ones.

Amazon, Apple, Google and the Zigbee Alliance are teaming up on a new Internet Protocol-based standard for smart home device connectivity. Connected Home over IP will be an open source project. A working group will define a specific set of IP-based networking technologies for device certification. The goal is to enable communication across smart home devices, mobile apps and cloud services.

Cybersecurity incident response teams have choices when it comes to communication tools: Microsoft Teams, Slack, Zoom and numerous others. Some require a subscription or commercial license -- others are free. Some are niche tools specifically designed for incident response. Some are generic business communication tools that IR teams have adapted for use during a cybersecurity incident.

Among the highlights of Amazon Web Services re:Invent are three announcements that strengthen its presence in the enterprise hybrid IT infrastructure market: AWS is teaming with Verizon to deliver 5G edge cloud computing; the first AWS Local Zone is located in Los Angeles; and AWS Outposts are generally available. These moves "close some huge competitive gaps," observed tech analyst Rob Enderle.

If you're like most security pros, chances are you're starting to get frustrated with microservices a little -- or maybe a lot. Microservice architectures -- that is, architectures that leverage REST to build a number of small, distributed, modular components -- are powerful from a software architect's point of view. Want to make a change to a component quickly? Add new functionality?

We may just be turning the calendar to November, but if you're like most retailers, you're already deep into planning for the gift-giving season. Black Friday and Cyber Monday are circled and starred as you anticipate, with a mixture of excitement and trepidation, the spike in sales and massive increase in traffic to your website and mobile app -- with good reason.

As part of National Cyber Security Awareness Month, the National Cyber Security Alliance is advising all computer users to "Protect IT" by taking precautions such as updating to the latest security software, Web browser and OS. The nonprofit public-private partnership, which works with DHS and private sector sponsors, advised computer users on ways to protect their personal data.

Developers have patched a vulnerability in Sudo, a core command utility for Linux, that could allow a user to execute commands as a root user even if that root access was specifically disallowed. The patch prevents potential serious consequences within Linux systems. However, the Sudo vulnerability posed a threat only to a narrow segment of the Linux user base, according to Todd Miller, a maintainer of the open source Sudo project.

Stopping cyberattacks requires diligent behavior. One of the themes of this year's National Cyber Security Awareness Month, or NCSAM, is that all computer users should take steps to Secure IT. That means shaking up the passphrase protocol by using not just strong passwords but strong and unique passphrases. Everyone should double login protection through multifactor authentication.

If you've ever played chess, you know that each move you make has to be the best move. At one level, this is painfully obvious -- after all, who would choose to make a terrible move instead of a better one? -- but it's illustrative of an important concept. Specifically, the core reason it's true is that each individual move in a game like chess comes with an associated "opportunity cost."

Users of a multi-cloud storage strategy may be twice as likely to face a security breach as those that use hybrid or single clouds, suggests a report from UK-based security specialist Nominet. Fifty-two percent of survey respondents who adopted a multi-cloud approach suffered a data breach over the past 12 months, compared to 24 percent of hybrid cloud users, and 24 percent of single-cloud users.

A new collaboration between Dell Technologies and Google has produced the world's first enterprise-class Chromebook. The companies have announced their partnership to bring new capabilities and services to Dell's Unified Workspace strategy. Google launched its Chrome Enterprise capabilities in 2017 to give enterprises critical features like advanced security protections and fleet management.

There is no data showing how many people actually read through click agreements, terms of service and privacy policies -- collectively "online terms" -- before clicking the alluring "accept" button. However, there's research that indicates fewer than 1 percent of people report taking the time to review online terms. Most folks consider online terms an annoying speed bump and frankly don't care.

They say that the key to good security is constant vigilance. As a practical matter, this means that it's important for security and network pros to pay attention to two things: changes in the threat landscape, so they can be on the alert for how their systems might be attacked; and changes and developments in the technologies they employ. These consequences matter quite a bit.

Many online businesses rely on Black Friday and Cyber Monday to drive their profit margins. During this four-day period, retailers will see traffic on their site skyrocket. How can retailers make sure their sites are robust and won't fail during this critical period? The answer is to ensure your site is completely bombproof and can handle the surge in load without a problem.

The Russian hacking group known for stealing sensitive emails from the Democratic National Committee during the 2016 presidential election season has been cracking into printers, phones and video decoders to gain access to corporate networks, the Microsoft Security Response Center Team reported. The group is known by a number of names including "Strontium," "Fancy Bear" and "APT 28."

It is newly minted conventional wisdom that not a single information security conference goes by without a presentation about the abysmal state of IoT security. While this is a boon for researchers looking to make a name for themselves, this sorry state of affairs is definitely not beneficial for anyone who owns a connected device. IoT device owners aren't the only ones fed up, though.

Any retailer that wants to be competitive knows it must offer a seamless omnichannel experience to its customers. However, many retailers aren't aware that the key to powering that customer experience is IT system performance. Why? Omnichannel retailers must process, analyze and use huge amounts of data for a multitude of equally important functions.

The high-tech industry once again is in a tizzy over flaws discovered in Intel CPUs -- four new MDS vulnerabilities have come to light. MDS is a sub-class of previously disclosed vulnerabilities that sample data leaked from small structures within the CPU using a locally executed speculative execution side channel. The practical exploitation of MDS flaws is a very complex undertaking, however.

Microsoft has announced that its own full Linux kernel will power WSL2, the newest version of the Windows Subsystem for Linux. This marks the first time that Microsoft will include the Linux kernel as a component in Windows. Microsoft also introduced a Windows command line terminal that will add functionality to PowerShell and WSL. Both are intended primarily for developers.

Spring may be my favorite time of year. The snow is melting, the sun is shining, and the air smells just a little bit fresher. It's as though the world is setting an example for the rest of us, letting us know that it's time to start fresh. It's time for spring cleaning -- and in the security world, spring cleaning means more than just wiping down countertops and lighting a few scented candles.

There's been a lot of hype about blockchain over the past few years. Nowadays though, there are signs that we may be on the cusp of moving from the "blockchain will solve all your problems" segment of the hype cycle into the "blockchain may be useful for a few targeted applications" segment. Utility-based Darwinism is at work -- we're starting to see the less likely applications fall away.

Amazon introduced AWS Outposts at its AWS re:Invent conference in Las Vegas. The new system, which provides AWS-branded boxes for use in traditional data centers, will allow the company to make advances into the world of on-premises storage, taking on legacy hardware vendors including Cisco, Dell, and Hewlett Packard Enterprise. Outposts technology can run on rival vendors' data center equipment.

Andy Jassy, CEO of Amazon Web Services, announced that AWS customers would be off all Oracle databases by the end of 2019 and running on one of Amazon's database products. This is not the first time the market has heard something like this, but this time could be different. The statement comes on the heels of Amazon spending significant coin on Oracle licenses a few months ago.

Cybersecurity has been becoming a larger and larger concern for organizations. Nowadays, most organizations -- regardless of size, industry, location, or profit vs. nonprofit status -- find themselves directly or indirectly impacted by cybersecurity. Even though the topic itself is increasing in importance, many smaller organizations don't have specialized security expertise on staff.

An apparent prefix leak from an errant router misconfiguration caused Google to lose control of several million of its IP addresses for more than an hour on Monday. During the event, Internet traffic was misrouted to China and Russia from Nigeria. The incident initially sparked concerns that it might have been a hijacking. The mishap made Google services unavailable to many users intermittently.

When we write the history of the IT era, the big factor that has played an important but not well recognized role will be hardware -- specifically, the Oracle Exadata appliance that puts databases into memory. All of the cloud software starting with the autonomous database on view this week at OpenWorld would be vastly different if the database was still running primarily on disk drives.

Think about planning for a natural disaster emergency that might affect your home. You'd likely store some water, flashlights, food, blankets and other essentials. The key element of your planning would be proactivity. You'd do all of the work before an emergency occurred, not during the actual crisis. If your supplies were used up after the emergency passed, then you quickly would restock.

Independent software vendors, along with Internet of Things and cloud vendors, are involved in a market transformation that is making them look more alike. The similarities are evident in the way they approach software security initiatives, according to a report from Synopsys. Synopsys has released its ninth annual Building Security in Maturity Model, or BSIMM9.