Cyberflashing is the act of sending nonconsensual sexual messages or images to someone via digital communication channels. This disturbing behaviour can manifest across various platforms.

API Management is a comprehensive process that involves creating, publishing, documenting, and overseeing application programming interfaces (APIs) in a secure, scalable environment. APIs are the backbone of modern software architecture, enabling interoperability and seamless functionality across diverse applications. They facilitate the integration of different software components, allowing them to intercommunicate and share data efficiently.

The landscape of DDoS attacks is constantly evolving. Gone are the days of simple bandwidth floods. Today’s attackers employ sophisticated tactics, making DDoS protection a complex yet crucial undertaking.

The defense supply chain is a complex network of partners that sell, manufacture, and distribute services or products to defense agencies worldwide. It is made up of both major corporations and smaller sub-suppliers. Each country has its own network of supply chain partners, including manufacturers, software, services and logistics providers that deliver products and services for military materiel applications.

Recently I had to prepare for a governance, risk and compliance conference. I promptly realized that although I used to be quite immersed in this field as an ISO 27k implementation consultant and even a short stint as a Payment Card Industry (PCI QSA) auditor years ago, it has been a while since I looked into this.

For cybersecurity professionals tasked with defending the public sector, tackling the U.S. Government Configuration Baseline (USGCB) is just another hurdle to a safer federal tomorrow. Part of a wide collection of necessary federal government compliance requirements, it hones in on which baseline security configurations are necessary for federally deployed IT products.

RedTail is a sophisticated malware designed for unauthorized cryptocurrency mining with a focus on Monero. It was first identified in January 2024, but it has been circulating since at least December 2023. Its latest iterations show improvements in evasion and persistence mechanisms, underscoring the significant expertise and resources driving its development.

Jay Jacobs and I recently delivered an RSA presentation called Quantifying the Probability of Flaws in Open Source. Since many people didn’t get a chance to see it, I thought I’d summarize some of the findings here for posterity. The question we investigated was simple, at least conceptually: what are the red flags of an open-source repository? Are there characteristics of a given open source library that would reliably indicate it was safer than others?

Regularly updating the software on your connected devices is essential to keep them secure from cyber-attacks. To maintain security, it is crucial to install software updates that often contain important security patches that fix vulnerabilities that hackers could exploit. Without these updates, your devices could be at risk of being hacked. Keeping software up to date is vital for cybersecurity and performance, ensuring your devices are protected against vulnerabilities and run efficiently.

On July 8th, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI) along with several international partners issued an urgent advisory outlining a People’s Republic of China (PRC) state-sponsored cyber group targeting Australian and U.S. enterprises.