Technology has been an integral part of the education industry, even before the onset of the pandemic. However, the shift from traditional classrooms to online courses, virtual classrooms, and digital textbooks has taken place at a rapid pace since 2020. This transition to the digital world has widened opportunities, but it has also opened avenues for cyberattacks and compliance violations.

Discover how exposed your company is on public GitHub, anonymously and for free.

Security practices in DevOps have evolved from being a minor concern to one of the main focus points, which resulted in the DevSecOps movement. It’s about “shifting security to the left” in the software development lifecycle – so the security measures are a fundamental component. Traditionally, security management was moved to the final stages of developing software, and it has proven its ineffectiveness in dealing with the challenges of modern software projects.

When managing an organization’s attack surface, the focus often falls on broad categories like firewalls, endpoints, or software vulnerabilities. Yet, one obvious blind spot is login pages. Login pages are not just entry points for users but potential gateways for attackers. From an EASM point of view, login pages pose important security concerns because of their exposure to the Internet.

Industrial Control Systems (ICS) have become a ubiquitous part of modern critical infrastructure. Automatic Tank Gauge (ATG) systems play a role in this infrastructure by monitoring and managing fuel storage tanks, such as those found in everyday gas stations. These systems ensure that fuel levels are accurately tracked, leaks are detected early, and inventory is managed efficiently.

Microsoft Copilot for Security is a powerful new artificial intelligence tool that can help companies home in on credible cybersecurity threats amid an onslaught of noise. However, significant expertise is required to configure and operate it properly and avoid unnecessary costs. These are a few key takeaways from the webinar, "Getting Started with Microsoft Copilot for Security", presented by Dan Gravelle, Director of Global Solutions Architecture at Trustwave.

A high severity OS command injection vulnerability, CVE-2024-8190, has been found in Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 518 and earlier. This flaw allows attackers with admin access to remotely execute malicious commands, potentially taking full control of the system. Ivanti has already released updates, but this command injection vulnerability is actively exploited in the wild, making immediate action critical.

In a sophisticated cyber espionage campaign, a group of Chinese hackers has exploited a critical vulnerability in GeoServer to target government organizations across the Asia-Pacific (APAC) region. This operation, linked to the advanced persistent threat (APT) group known as Earth Baxia, highlights the evolving landscape of cyber threats facing sensitive sectors, including government and energy.