Read also: Four people arrested over ChatGPT-linked ransomware attacks, a scammer charged for stealing $7.5M from two charities, and more.

This is not a beginner’s blog post. As such, we will not tell you about the importance of securing your Kubernetes infrastructure (it’s important). However, if you are here to learn about increasing the efficiency of your security work and the blind spots you may have, you have come to the right place. You may have heard of and are already using CVSS as your gold standard for vulnerability prioritization.

Every year, new technologies are released; with them, professionals are discovering new sets of application vulnerabilities. However, some threats and challenges are constant in the list, such as malware and app spoofing. However, all the threats are now more powerful with the advancement of tools. Further, it’s expected that the mobile app security challenges will be more rigid in 2024.

As organizations navigate through the complexities of the digital era, the challenge of accurately identifying and managing their asset inventory has become a critical aspect of their security posture. This task, known as attack surface discovery and asset attribution, involves a delicate balance: identifying all assets that belong to the organization while ensuring that no extraneous ones are included.

The last 12 months have been awash with incidents that led to significant data breaches, government regulatory and legal sanctions, and loss of business services availability. In 2023 we saw the most private personally identifiable information exposed, business services shut down, and CISOs fired—and even charged for legal violations by the federal government.

In response to the growing number of malicious actors that have managed to exploit cybersecurity vulnerabilities and cause irreparable damage to organizations, governments worldwide have decided to intervene, recognizing a need for a systematic approach to safeguarding national assets. Helping to lead the way in this institutionalized effort is the Australian Prudential Regulation Authority (APRA). ‍

On December 26, 2023 the Department of Defense (DoD) unveiled the long-anticipated Proposed Rule for the Cybersecurity Maturity Model Certification (CMMC) Program, sending a clear message to defense contractors that CMMC is happening sooner than many thought, and that those taking a “wait and see” attitude can no longer wait to prepare.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. If there ever was a good example of what can happen if you don’t have a good password and no 2FA enabled, this is it.

In the ever-evolving cybersecurity landscape, organizations are constantly striving to enhance their defenses against organized malicious actors. As cyber attacks become more advanced, regulatory bodies have created and enforced compliance requirements to ensure that organizations protect sensitive data and systems. One groundbreaking solution that can help your organization meet these challenges is Extended Detection and Response, known as XDR.

Although SIEMs have existed for more than 20 years, many organizations still fail to achieve full data visibility into their environments. Two problems compound this challenge. First: attack surfaces. As organizations scale their digital infrastructures and bring on new applications, the amount of data analysts need to monitor and analyze increases exponentially.