SaaS is the de facto way of doing business for the SMB (and even for the enterprise). The costs of building your own infrastructure and maintaining it are just too high for most. Instead, it is easier and more cost effective to let someone else handle it. Buying a spot in Amazon Webs Service, Google Cloud Platform, or Microsoft Azure it not complicated and the tools to help you set up your new business infrastructure are well done (if not always well documented). When you use these services, you do expect them to provide security, but what you may find out is that not all cloud vendors think that should come as part of the package. In fact, many look at them as little more than a way to gain extra revenue and not something that just should be done.

The current threat landscape has user account compromise and endpoint takeover as the most common first acts in a security event. The methods used to accomplish this are varied but include such blockbusters as poisoned websites and URLs embedded in email. Once the website is processed the exploit kicks off and things tend to go downhill from there. The most common item abused in your web browser is its ability to process scripts (especially JavaScript). Now Microsoft says they have a way to knock out as much as 45% of exploit attempts related to JavaScript and WebAssembly when using their Chromium based Edge browser.

Remember the days when browsing the internet was simple, all you had to worry about was clearing your cookies and browser history and you were fine. Ok, so it was never truly that simple, but you get my point. Now as internet surfers become more concerned about tracking and companies find new ways to follow you even more, things have gotten a bit crazy. Microsoft’s Edge wants to remember everything you do as does Chrome and Safari. This is presented as giving you a more complete and speedy internet experience, in reality it just creates a trove of data about you that can be used for good or bad.

It seems that Apple may have an issue with their AirTags, the small tracking devices that use the Apple device network to help you find items that you have put trackers on. They are similar although much more effective than items like Tile. The problem is that since these trackers can ping out to any Apple device, there was a chance that they could be used for shady purposes. This possibility was brought up when they were launched and surprisingly, Apple listened. They added in methods to detect if someone is tracking you using an AirTag. True, not releasing something like this would have been better, but some protection is better than nothing.