David Strom


Latest from David Strom

Domain Name System is once again front and center for exploits and security policy

Two recent events are once again bringing the internet’s foundational Domain Name System into the news, and not in a good way. The first event involving the DNS last week was a warning from the Cybersecurity Infrastructure and Security Agency issued on Friday for version 9 of the Berkeley Internet Name Domain, or BIND. It calls ...

Millions of GitHub projects found vulnerable to exploit

Thousands of open-source code repositories on GitHub could be vulnerable to an old exploit, according to a report from Aqua Security Software Ltd.’s Nautilus research team published this week. Aqua analyzed a sample of more than a million GitHub code repositories and found almost 3% were vulnerable to an attack called repojacking. The bad actors ...

Exclusive: The next computer in the cloud could be an IBM mainframe

A small Minneapolis mainframe computer software startup is poised to change the way enterprises use and share data across the cloud. VirtualZ Computing Inc. claims to be the first and only woman-founded and women-led mainframe systems integrator in history. That is a bold position, but perhaps more important is its pair of revolutionary software applications ...

New Russian cyberattacks on Ukraine uncovered

The protracted war on Ukraine has been fought on both physical and digital worlds, but after the initial forays last spring, Russian attacks on Ukrainian digital infrastructure have increased lately, according to new reports by three security analyst groups. Since the Russian invasion last spring, there have been a number of cyberattacks. Google LLC said ...
SPECIAL REPORT: AI, CYBERSECURITY AND THE SUPERCLOUD

The top five cloud cybersecurity threats – and what to do about them

Cybersecurity threats continue to plague cloud infrastructures, and sadly these threats are still mostly the same from years’ past. But just because these threats continue doesn’t mean that cloud security, taken as a whole tapestry, isn’t as secure as on-premises equipment. That debate — which seems to have spanned a decade or more — should ...
COMMENTARY

Databases then and now: the rise of the digital twin

When I first started in information technology, back in the Mainframe Dark Ages, we had hulking big databases that ran on IBM Corp.’s Customer Information Control System, written in COBOL. These mainframes ran on a complex collection of hardware and operating systems that was owned lock, stock, and bus and tag barrel by IBM. The ...
ANALYSIS

Beware of fake security researchers who deliver malware

If you come across a security researcher from a company called High Sierra Cyber Security, beware — you may get tricked into downloading malware on your computer. High Sierra is a cover for a group of hackers who have weaponized social media and the open-source GitHub code repositories. It isn’t the first time this has ...
ANALYSIS

Management consoles can be a security nightmare, but they still lack good protection

One of the biggest threats to enterprise networks is the ability of hackers to manipulate management consoles, the web applications for managing a variety of networked-based systems, such as virtual private networks, routers, firewalls, switches and other devices. For many years, bad actors have targeted consoles that are accessible via a public internet connection. They ...

Amazon Web Services beefs up its security offerings

Amazon Web Services Inc. today announced a variety of new security tools as well as expansions to existing services for its cloud computing customers. The goals, as described by Becky Weiss (pictured), an AWS cloud engineer presenting at AWS’ annual re:Inforce conference in Anaheim, California, are to bring more zero-trust features further across its cloud ...

Google Cloud announces new security services and partners

Google LLC announced a series of cloud security services today, adding to various existing protective services and complementing its longstanding efforts with its Chronicle platform along with broadening industry partnerships with its tools. Last week, the company announced a set of best practices for protecting customers’ artificial intelligence models from hacking called the Secure AI Framework. ...