Cloud Security, Yes – But Is AI Ready for Its Cybersecurity Spotlight?

Cloud Security, Yes – But Is AI Ready for Its Cybersecurity Spotlight?

In today’s world, speed, agility and scalability are essential for organizations and businesses if they want to become successful and stay relevant. On-premises IT can’t provide them with the speed, agility and scalability cloud environments can, so the continued embrace of cloud is inevitable. Unfortunately, the same characteristics – speed, agility and scalability – also [...]

Cloud Compliance: The Cheeseburger Principle

Cloud Compliance: The Cheeseburger Principle

We spend our days talking with people about the need to apply security and compliance best practices in their cloud environment, and then helping them maintain automated visibility and remediation of vulnerabilities. We try to imprint on them the notion that security never stops; to truly have the best odds of keeping an environment secure, [...]

Web-based Threats-2018 Q2: U.S. Remains #1 in Malicious Web Addresses, China Falls from #2 to #7

Web-based Threats-2018 Q2: U.S. Remains #1 in Malicious Web Addresses, China Falls from #2 to #7

Executive Summary In Q2, the United States was number one for hosting malicious domains and exploit kits. Unit 42 regularly analyzes statistical data from our Email Link Analysis (ELINK) to understand the patterns and trends in current web threats.  This blog outlines our analysis for April – June (Q2) 2018  and follows up our previous blog analyzing [...]

Define a Protect Surface to Massively Reduce Your Attack Surface

Define a Protect Surface to Massively Reduce Your Attack Surface

In cybersecurity, one of the things people tend to focus on the least is defining what they’re trying to protect. The general consensus is that they want to protect against attacks, but the attacks are attacking something. What is that thing? Over the years, we have been working diligently to reduce the attack surface, but [...]

Threat Brief: Information on Critical Apache Struts Vulnerability CVE-2018-11776


Situation Overview On August 22, 2018, the Apache Foundation released a critical security update for CVE-2018-1176, a remote code execution vulnerability affecting Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16. The Apache Foundation has urged everyone to apply the security updates as soon as possible. This blog is to provide information to help organizations assess their [...]