While trust plays an important role in access management, not all types of trust are created equal. When it comes to access management, there are two types of trust to pay close attention to, implicit trust and explicit trust. Let’s go over what these types of trust are in access management and how they differentiate from one another.

The deadline for achieving complaince with the Digital Operational Resilience Act (DORA) will be here before you know it, with enforcement beginning in January 2025. With Third-Party Risk Management being the central focus of the EU regulation, it’s imperative to cater your TPRM program to the DORA regulation to achieve sustainable compliance. In this post, we outline the DORA requirements related to third-party risk management and explain how to comply with them.

A week ago, on March 29th, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that two versions of xz Utils, were found to have been compromised. The xz Utils code had been tampered with to include a malicious “backdoor” that would ultimately give attackers the same level of control over affected systems as authorized administrators.

The Australian Government has leveraged insight from cybersecurity experts to create a new six-part plan to combat cybersecurity over the coming decade. The cybercrime economy is booming and growing every year. What’s needed is a bold vision to not just respond to the current state of threats, but to jump years ahead of it. And that’s what we find in the Australian Government’s 2023-2030 Australian Cybe rsecurity Strategy.

Supply chain attacks are a growing and increasingly sophisticated form of cyber threat. They target the complex network of relationships between organizations and their suppliers, vendors, and third-party service providers. These attacks exploit vulnerabilities that emerge due to the interconnected nature of digital supply chains, which often span multiple organizations, systems, and geographies.

The nature of cybersecurity risk has evolved dramatically over time, challenging traditional approaches to security. Historically, organizations have concentrated their efforts on fortifying assets they directly own, assuming that this strategy provides sufficient protection. Unfortunately, this narrow focus fails to acknowledge a fundamental truth: attackers operate without regard for ownership boundaries.

With the rise of cyber threats and the increasing volume of sensitive data being transmitted over networks, organizations must prioritize the use of cryptographic algorithms that meet stringent standards for security and reliability. One such standard is FIPS (Federal Information Processing Standards) compliance, which ensures that cryptographic algorithms adhere to the rigorous criteria set forth by the U.S. government.

The vulnerability lies in the way HTTP/2 implementations handle CONTINUATION frames, which are used to transmit header blocks larger than the maximum frame size. Attackers exploit this weakness by sending an excessive number of CONTINUATION frames within a single HTTP/2 stream. This flood of frames overwhelms the server's capacity to process them efficiently.

A product is only as secure as its weakest link. That is why many talented security engineers and researchers recommend embedding security as early in the software development life cycle (SDLC) as possible, even from the very first line of code. Or better yet, even before the very first line of code, during the threat modeling and architecture phase. Smart people have been saying this for a very long time. So, why does product security still remain difficult?

Seccomp, short for Secure Computing Mode, is a noteworthy tool offered by the Linux kernel. It is a powerful mechanism to restrict or log the system calls that a process makes. Operating within the kernel, seccomp allows administrators and developers to define fine-grained policies for system call execution, enhancing the overall security posture of applications and the underlying system.