Originally created when a journalist had his digital livelihood ruined by a cyber-attacker in 2012, World Backup Day has gained commercial significance as organizations manage ever-larger data volumes and face a higher risk of data breaches.
It is the end of the month and the end of the quarter. It has been a big one here at LimaCharlie. We have grown the team and released three new sensor types built on our new open-source adapter, and this is just the beginning. We are also starting something new. For an hour every Friday, we are going to be holding office hours starting at 9.00 AM PT.
As many organizations move to the cloud, CrowdStrike has noticed a significant increase in both opportunistic and targeted attacks against cloud resources, with a large number of these attacks targeting organizations’ Microsoft 365 (M365) infrastructure, often specifically around their business email service, or Exchange Online.
At CrowdStrike, we believe that rigorous, independent testing is a vital part of the security ecosystem. It provides customers with transparency and insight into the critical capabilities required to stop today’s sophisticated threats. That’s why I’m excited to share the results of Round 4 of the MITRE Engenuity ATT&CK Enterprise Evaluation: The CrowdStrike Falcon platform stops breaches with 100% prevention, comprehensive visibility and actionable alerts.
Red teaming is the practice of asking a trusted group of individuals to launch an attack on your software or your organization so that you can test how your defenses will hold up in a real-world situation. Any organization reliant on software – including banks, healthcare providers, government institutions, or logistics companies – is potentially vulnerable to cyberattacks, such as ransomware or data exfiltration.
Rapid and constantly-evolving software development cycles have increased the need for reliable and fast infrastructure changes. Thus manually carrying out infrastructure changes has become an unscalable process – which is what Infrastructure as Code (IaC) tools are here to solve. They enable teams to codify their infrastructure configurations and integrate them directly into their CI/CD pipelines.
An RCE vulnerability affecting Spring Core’s JDK 9 and later has become a trending topic in cybersecurity networks during the past couple days. This discovery, compared by some to the Log4Shell vulnerability, generated a lot of confusion and even got mistook with a different vulnerability affecting Spring Cloud, which got a CVE assigned the same day, and even linked them to completely unrelated commits on Spring Core’s GitHub.
Vulnerabilities found in application platforms and third-party libraries have drawn growing attention to application security in the last few years, putting pressure on DevOps teams to detect and resolve vulnerabilities in their Software Development Life Cycle (SDLC). Take the NVD (National Vulnerability Database), which tracks and records all significant vulnerabilities published and disclosed by software vendors.
In the midst of a growing global cyberthreat landscape, the Australian and US governments this week announced plans to increase spend to bolster federal cybersecurity. The Australian federal government’s newly released 2022-23 federal Budget has dedicated AU$9.9 billion to support cybersecurity and intelligence capabilities under a program called Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers (REDSPICE).
