The cloud gives you agility, speed, and flexibility – but it also opens new doors for attackers. For DevOps teams, every line of code, every container, and every deployment pipeline is a potential entry point and missteps are easier than ever. Misconfigurations alone cause 80% of all security breaches in cloud environments, so the stakes are even higher. This poses a severe security risk with wide-ranging consequences, making it evident that cloud-native environments demand a new security mindset.

Opti9’s partnership with Backblaze has reached an important new milestone: the launch of the Canada East (CA East) data region. By leveraging Opti9’s expertise in Canadian data centers, Backblaze is now able to expand its footprint and meet the growing demand for compliant, high-performance cloud storage solutions in Canada.

‍ ‍While each organization faces its own unique set of cyber risks that must be carefully assessed and managed in order to reach a state of resilience, certain events are nearly inevitable in today's threat environment, having the potential to create damaging ripple effects across the global market. Early in 2024, Kovrr's cyber risk quantification models identified these potential cyber incidents and loss scenarios most likely to impact organizations worldwide in the upcoming year.

Let’s begin 2025 with an understatement about last year: 2024 was an eventful year for cybersecurity. That in itself is no surprise. The specifics, though, looked like this: AI use accelerated (for good and for bad), ransomware surged and relentless attacks on third parties shifted focus to cyber resilience.

Wherever you live, people can find you using either a street address or a set of latitude and longitude numbers. In the digital world, your website’s domain name or URL is the street address while the IP address is the latitude and longitude. For example, it would be cumbersome to tell people that you live at 35°05′17″N 109°48′23″W, but easy to say a number and street name. IP address data is useful for both protective and detective cybersecurity functions.

CVE-2024-49113, also known as LDAPNightmare, is a high severity (CVSS score of 7.5) unauthenticated Denial of Service (DoS) vulnerability in Windows Lightweight Directory Access Protocol (LDAP). This vulnerability allows attackers to crash any unpatched Windows server with an internet-accessible DNS server by overwhelming a critical internal component of the operating system. Both CVE-2024-49113 and its relative, the critical RCE vulnerability CVE-2024-49112, were publicized in December 2024.

Some common cyber threats facing the retail industry include ransomware attacks, social engineering, system intrusions and insider threats. The retail sector is often targeted by cybercriminals because of the valuable customer data it processes, including credit card information, Personally Identifiable Information (PII) and shopping patterns. This data is often collected and sold on the dark web for financial fraud or identity theft.

It’s becoming all too common these days: ransomware hitting another organization. However, most people don’t know exactly what happens when ransomware is found and what must be addressed. What makes it even more challenging for healthcare is that the data that can be stolen, like personal health information, is much more valuable than credit card numbers.

In my experience, computers are only as smart as the person in front of them. Same with AI. The results are dependent on the prompts given. Today, users typing prompts from their brains into Microsoft Security Copilot may find it hard to get value. Prompts with adequate specificity are difficult to create, let alone repeat.

A phishing campaign is targeting users with phony offers to beta test new video games, according to researchers at Malwarebytes. The phishing messages are sent via Discord, email, or text message. The messages purport to come from a game developer, and include a link to download an archive supposedly containing the game’s installer.