Ghostscript, an open-source interpreter for the PostScript language and PDF files, recently disclosed a vulnerability prior to the 10.01.2 version. This vulnerability CVE-2023-36664 was assigned a CVSS score of 9.8 that could allow for code execution caused by Ghostscript mishandling permission validation for pipe devices (with the %pipe% or the | pipe character prefix). Debian released a security advisory mentioning possible execution of arbitrary commands.

Have you heard of the NIS Directive? The full name is quite a mouthful, "DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union". The informal name has been shortened to the Network and Information Security (NIS) Directive. The aim of the directive was to develop a common level of cybersecurity across the Member States that could be applied to entities of critical national importance.

The role of the CISO (Chief Information Security Officer) is one of the most important in any organization, and finding the right professional for the job is vital. The CISO leads the company’s information security strategy and bears the ultimate responsibility for the company’s security posture and how effectively it protects its information systems.

In today's data-driven world, businesses must navigate the complexities of data management while ensuring compliance with an ever-growing array of laws and regulations. Two concepts that often arise in this context are data sovereignty vs data residency. While related, these terms refer to distinct aspects of data management. Understanding their differences is crucial for businesses to make informed decisions on where to store their data and how to remain compliant with data protection regulations.

Like many concepts at the intersection of software engineering and cybersecurity, threat detection has emerged as a recent candidate to adopt the ‘as-code’ discipline to detection. This is driven by two key factors: Detection as Code is a new paradigm that brings a structured, systematic and flexible methodology for threat detection inspired by the as-code best practice of software engineering, commonly adopted in DevOps and Agile software development frameworks.

Baselines are an essential part of effective cybersecurity. They provide a snapshot of normal activity within your network, which enables you to easily identify abnormal or suspicious behavior. Baseline hunting is a proactive approach to threat detection that involves setting up a baseline of normal activity, monitoring that baseline for deviations, and investigating any suspicious activity.

Smart devices are amazing, and they make our lives easier. Smart light bulbs for your home allow you to change the color and schedule lights to turn on and off based on your activities. Internet-connected cameras allow us to monitor our homes with phone apps. Unfortunately, even a device as simple as a light bulb connected to your WiFi can be a gateway for cybercriminals to launch an attack. It happens, and it can happen to you.

APIs account for more than half of the total traffic of the Internet. They are the building blocks of many modern web applications. As API usage grows, so does the number of API attacks. And so now, more than ever, it’s important to keep these API endpoints secure. Cloudflare’s API Shield solution offers a comprehensive suite of products to safeguard your API endpoints and now we’re excited to give our customers one more tool to keep their endpoints safe.

A phishing campaign is targeting the tourism and hospitality industries, according to researchers at Votiro. “In this instance, the hacker booked a room at an international hotel and submitted a request for the hotel to get in touch with them immediately via WhatsApp about an urgent issue,” the researchers write. “Once the hotel employee engaged the customer over WhatsApp, the hacker responded with their request.

AppSec integrations can help keep development secure at the speed your business requires. Whether you’re building software, selling it, or using it to run your business, in today’s fully digitized environment, every business is, necessarily, a software business. And to keep your business running at the speed today’s competitive environment requires, you increasingly depend on technology.