Cyber Essentials is a government-backed and industry-recognised initiative which aims to raise cyber security awareness and help businesses mitigate common internet-based threats. The Cyber Essentials update is the biggest overhaul of the scheme’s technical controls since it was first launched in 2014.

Data Privacy Day (known in Europe as Data Protection Day) is an international event aimed at raising awareness about data privacy and protection practices among businesses as well as internet users. In this blog series, we’ll attempt to do the same. This first blog post will shed light on data privacy as a whole, important data privacy laws, and some data collection practices that can help you adhere to these laws.

A core challenge for threat detection engineering is reproducing common attacker behavior. Several open source and commercial projects exist for traditional endpoint and on-premise security, but there is a clear need for a cloud-native tool built with cloud providers and infrastructure in mind. To meet this growing demand, we’re happy to announce Stratus Red Team, an open source project created to emulate common attack techniques directly in your cloud environment.

Here's a short overview of the most interesting cybernews that made headlines this week.

Supply chain compromises are an increasing threat that impacts a range of sectors, with threat actors leveraging access to support several motivations including financial gain (such as with the Kaseya ransomware attack) and espionage. Throughout 2020, an operation attributed to the Foreign Intelligence Service of the Russian Federation (SVR) by the U.S.

In the DevOps and DevSecOps Introduction, What is DevOps, we reviewed how our security teams overlay onto DevOps for visibility and increased security throughout the software lifecycle. This article explores DevSecOps during the planning phase of the project and why it’s important for developers to be trained on how to help protect the software they are writing from Free Open-Source Software “FOSS” risks and supply chain attacks.

In the world of heinous and sophisticated crimes, cryptography is the next-gen solution needed to resolve the concern. Whitebox cryptography combines encryption and obfuscation methods to embed secret keys in application code. The aim is to combine code and key in such a way that an attacker cannot distinguish between the two and the new "white-box" program can be safely executed in an insecure environment.

Since 2009, more than 12 years ago, all major Linux distributions have been incorporating a high severity security hole that remained unnoticed until just recently. The vulnerability and exploit, dubbed “PwnKit” (CVE-2021-4034), uses the vulnerable “pkexec” tool, and allows a local user to gain root system privileges on the affected host. Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems.

Cryptocurrency mining has become very popular among malicious actors that aim to profit by exploiting cloud attack surfaces. Exposed Docker APIs have become a common target for cryptominers to mine various cryptocurrencies. According to the Google Threat Horizon report published Nov. 29, 2021, 86% of compromised Google Cloud instances were used to perform cryptocurrency mining.