< ciso
brief />
Vendor and Hyperscaler Watch Banner

All news in category “Vendor and Hyperscaler Watch

4625 articles · page 122 of 232

CrowdStrike Adds Browser-Native Security Through Seraphic

🔒 CrowdStrike will acquire Israel-based Seraphic Security to add browser-native runtime protections to its Falcon platform, with the deal expected to close by April. The integration aims to correlate Falcon’s endpoint telemetry and threat intelligence with deep, in-session browser signals to govern user actions, data flows, and extensions. CrowdStrike said the move addresses gaps left by traditional EDR and network controls, and will also work with planned SGNL continuous authorization capabilities to enable dynamic, session-level permissions.
read more →

Incident Response Perspectives with Terryn Valikodath

🔍 Terryn Valikodath, Senior Incident Response Consultant at Cisco Talos, describes a role that blends technical investigation with clear communication and proactive planning. He explains how his team balances developing incident response plans, running tabletop exercises and threat hunts with hands-on reactive investigations and remediation. Terryn highlights the reward of teaching through multi-day cyber range trainings and the satisfaction of helping organizations recover and build trust.
read more →

Transparency and Accountability in Cybersecurity Vendors

🔍 Modern CISOs face growing compliance and supply-chain pressures and must verify security products rather than assume vendor claims. The AV-Comparatives TRACS study assessed 14 EPP/EDR vendors on 60+ transparency criteria — source-code review, SBOMs, audit reports, update controls, and telemetry options — and found few vendors offer comprehensive verification. Kaspersky highlights its global transparency centers, minimal telemetry, and local-processing choices as practical risk-management measures that improve predictability.
read more →

Amazon Neptune Adds R7g/R8g Instances Across Regions

🔔 Amazon Neptune now supports Graviton3-based R7g and Graviton4-based R8g instances in new regions: Asia Pacific (Hong Kong, Osaka, Singapore), Canada (Central) and US West (N. California). R7g introduces the first DDR5-equipped AWS database instances with up to 30 Gbps enhanced networking and up to 20 Gbps to Amazon EBS, while R8g offers larger sizes (up to 48xlarge) and an 8:1 memory-to-vCPU ratio. Graviton4 delivers up to 40% faster database performance versus Graviton3, and both families are priced about 16% lower than R6g. Customers can launch or upgrade via the AWS Management Console or CLI for Neptune engine versions 1.4.5 and above.
read more →

Google Confirms Android Bug Affecting Volume Keys on Devices

🔊 Google acknowledged a software bug that causes volume buttons to control the device's Accessibility volume instead of the Media volume when the Select to Speak accessibility service is enabled. The issue also prevents using volume keys as a shutter shortcut in the Camera app. Google has not specified which Android versions or how many users are affected, nor provided an ETA for a permanent fix. A temporary workaround is to disable Select to Speak via Settings → Accessibility.
read more →

AWS Security Hub Automation and Orchestration for Scale

⚙️AWS has made the enhanced AWS Security Hub generally available, adding automation features to centralize and accelerate handling of security findings across accounts and Regions. The update integrates Security Hub CSPM into detection engines and provides real-time risk analytics, automated correlation, and enriched context to prioritize critical issues. Automation rules and integrations with EventBridge, Lambda, and ITSM tools like ServiceNow enable remediation, routing, and evidence collection to reduce manual triage and support compliance.
read more →

gRPC as a Native Transport for the Model Context Protocol

🔗 Google Cloud describes work to enable gRPC as a native transport for the Model Context Protocol (MCP), offering an alternative to JSON-RPC transcoding for organizations that already use gRPC. Native gRPC eliminates the need for transcoding gateways and preserves existing tooling, while delivering lower latency, smaller Protobuf-encoded payloads, and full-duplex streaming. The MCP core maintainers agreed to pluggable transports in the SDK, and Google Cloud will contribute a community-backed gRPC transport package to promote consistent, interoperable deployments.
read more →

How Microsoft Integrates Privacy and Security by Design

🔐 In a Deputy CISO post, Terrell Cox explains how Microsoft aligns privacy and security as complementary priorities, treating privacy as a human right across products from Microsoft 365 to Azure. The company enforces rigorous internal compliance—audits, cross‑functional reviews, and executive oversight—and limits data access through controls like Customer Lockbox and zero‑trust access. Microsoft highlights solutions such as Microsoft Entra, Entra ID, and Microsoft Purview to support data residency, classification, protection, and regulatory compliance.
read more →

Amazon EC2 X8aedz Instances Now in Mumbai and Seoul

🚀 Amazon EC2 X8aedz instances are now available in Asia Pacific (Mumbai) and Asia Pacific (Seoul). These instances are powered by 5th Gen AMD EPYC processors (code named Turin) and deliver the highest maximum CPU frequency in the cloud — 5 GHz. Built on sixth-generation AWS Nitro Cards, X8aedz targets EDA workloads and relational databases that need high single-thread performance and large memory capacity, pairing 5 GHz CPUs with local NVMe for faster memory-intensive processing.
read more →

Amazon RDS for PostgreSQL Adds Extended Support Releases

🔔 Amazon RDS for PostgreSQL now offers Extended Support minor releases 12.22-rds.20251114 and 11.22-rds.20251114, which include critical security and bug fixes addressing vulnerabilities present in earlier versions. We recommend upgrading to these releases to reduce exposure and maintain supportability after community maintenance ends. Extended Support provides up to three additional years of critical fixes after a major version’s standard support expiry, giving teams more time to plan major upgrades. These updates are available in all commercial and government regions and can be applied automatically via automatic minor version upgrades during scheduled maintenance windows.
read more →

Amazon Connect Cases Adds AWS CloudFormation Support

🔧 Amazon Connect Cases now supports AWS CloudFormation, allowing administrators to model, provision, and manage case resources as infrastructure as code. Administrators can author CloudFormation templates to programmatically deploy and update Cases configuration elements—such as templates, fields, and layouts—across Amazon Connect instances, enabling version control and repeatable deployments. The integration reduces manual setup time, minimizes configuration errors, and streamlines multi-instance provisioning across supported Regions.
read more →

Amazon Lex Introduces Improved English Speech ASR Models

🗣️ Amazon Web Services announced an update to Amazon Lex that adds a neural automatic speech recognition (ASR) model for English locales. The model, trained on data from multiple English-speaking regions, better recognizes conversational speech, non-native speakers, and regional accents, reducing repeated prompts and improving self-service success. Administrators can enable the capability by selecting the "Neural" option in a bot's locale speech recognition settings. The feature is available across all AWS commercial regions that support Amazon Connect and Lex.
read more →

Amazon MSK Connect Expands to Three More AWS Regions

🚀 Amazon has made MSK Connect available in three additional AWS Regions: Asia Pacific (New Zealand), AWS GovCloud (US-East), and AWS GovCloud (US-West). MSK Connect provides fully managed Kafka Connect clusters to deploy, monitor, and scale connectors that move data between Apache Kafka/Amazon MSK and external systems. The service supports both Amazon MSK-managed and self-managed Kafka clusters, scales automatically, and uses a pay-for-what-you-use model. With this launch, MSK Connect is now available in 38 AWS Regions.
read more →

Survey: Nearly 90% of Federal Agencies Using AI Now

🔍 Google Public Sector commissioned a Government Executive survey of 250 federal IT leaders, finding nearly 90% of agencies are planning to or already using AI. Respondents cited common use cases such as document and data processing, workflow and process automation, and decision support systems. Security and adversarial risk were identified as the top adoption barrier, with reliability and workforce disruption also noted. Google highlights Gemini for Government, GSA OneGov pricing, and expanded training programs as measures to address cost, legacy, and skills constraints.
read more →

CISOs Name Top 10 Vendors for AI-Enabled Security in 2025

🔒 The CSO 2025 Security Priorities Study asked more than 640 senior security executives to rank leaders in AI-enabled security, and established, name-brand vendors dominated the results. CISOs prioritized product innovation but heavily weighed reputation, breach history, business value, cost, time to integrate, and peer adoption. The top-ranked providers included Cisco, Microsoft, and Google, while MSSPs and cloud-native service providers also gained visibility as teams seek managed incident response.
read more →

AWS Expands PCI DSS Scope with Two Services and Region

🔒 AWS added two services — AWS Security Incident Response and AWS Transform — and the Asia Pacific (Taipei) Region to its PCI DSS certification scope. The updated PCI DSS package includes an Attestation of Compliance (AOC) and an AWS Responsibility Summary, both validated by Coalfire. Customers can retrieve the package in AWS Artifact, and AWS also published the PCI report package in NIST OSCAL JSON to enable machine-readable, automated compliance workflows.
read more →

Amazon SageMaker HyperPod Validates Account Service Quotas

🧭 The Amazon SageMaker HyperPod console now validates AWS service quotas for your account before initiating cluster creation. The console automatically compares your requested cluster configuration—instance types, EBS volume sizes, and VPC-related resources—against account-level quotas and presents a clear table of expected utilization, applied quota values, and compliance status. If validation detects potential quota shortfalls, it issues a warning and provides direct links to the Service Quotas console so you can request increases before provisioning begins.
read more →

Amazon Lex Adds Configurable Voice Activity Detection

🔊 Amazon Lex now offers three configurable voice activity detection (VAD) sensitivity levels—Default, High, and Maximum—that can be set per bot locale. The Default setting suits typical background noise, High targets consistently moderate noise such as busy offices or retail spaces, and Maximum is designed for very noisy environments like manufacturing floors or outdoor locations. You configure VAD sensitivity when creating or updating a bot locale in the Amazon Connect Conversational AI designer, and the feature is available in all AWS commercial regions where Amazon Connect and Lex operate.
read more →

Palo Alto Unit 42 Warns of Risks from Vibe Coding Practices

🛡️ Palo Alto Networks' Unit 42 warns that the generalization of vibe coding — using natural-language AI prompts to write code — has already been linked to data breaches, arbitrary code injection and authentication bypass incidents. Researchers say rapid adoption by both hobbyists and experienced developers often outpaces governance, leaving organizations with limited visibility and inadequate monitoring. To help customers assess and mitigate these risks, Unit 42 introduced SHIELD, a targeted security governance framework outlining separation of duties, human-in-the-loop checks, input/output validation, security-focused helper models, least agency and defensive technical controls.
read more →

Microsoft to Retire Lens Scanner App on iOS, Android

📢 Microsoft has begun retiring the Microsoft Lens PDF scanner app for iOS and Android, with removal from app stores set for February 9, 2026 and scanning functionality scheduled to stop on March 9, 2026. Microsoft updated its Microsoft 365 Message Center guidance and recommends users switch to OneDrive's built-in scan feature. Existing scans remain accessible via MyScans while the app stays installed and the user is signed into their last active account, though Microsoft will no longer support the app after the cutoff. No administrative action is required; administrators should notify users of the change.
read more →