Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Older, Larger, Riskier: The Correlation Between Application Age and Security Debt in the Public Sector

Years of accumulated security debt due to unaddressed software vulnerabilities and inadequate security configurations plague the applications that support our government functions. The age and size of applications play a significant role in the accumulation of security debt. The State of Software Security 2024 report provides a detailed analysis of how these factors correlate with security vulnerabilities, particularly in older and larger applications.

Complying With the New SEC Cybersecurity Regulations: A How-to Guide

Since the SEC's latest cybersecurity regulations went into effect, thousands of companies have already been compelled to submit their annual Form 10-K with the novel Item 1C. Similarly, dozens of organizations have filed updated Form 8-Ks to disclose cybersecurity incidents. Slowly but surely, these public reports are helping investors become more aware of the intrinsic relationship between cyber risk and market value.

Scaling Least Privilege Access for Databases

In today’s increasingly complex digital landscape, safeguarding sensitive data has never been more critical. Yet, many organizations grapple with balancing accessibility and security within their databases. Enter the concept of least privilege access, a pivotal strategy designed to minimize vulnerabilities by ensuring users have only the permissions essential for their role. However, scaling this principle across large-scale environments poses unique challenges and opportunities.

Measuring the Effectiveness of File Integrity Monitoring Tools

A security incident can be the result of a single unauthorised change. A few may say, 'one change is inconsequential, don't sweat the small stuff.' But when it comes to infrastructure security, the detail is of paramount importance! Just a single edit to a single line item can have a negative effect on an entire file or operating system. It's essential to be made aware of any unauthorised file change and to be made aware with haste.

Anonymous User Security for Everyday Users

Windows permits an anonymous user to carry out specific actions, such as listing the names of domain accounts and network shares. This functionality proves useful in scenarios where an administrator needs to provide access to users in a trusted domain lacking a reciprocal trust agreement. By default, the Everyone security identifier (SID) is excluded from the token generated for anonymous connections. Consequently, permissions assigned to the Everyone group don’t extend to anonymous users.

Cloud Sprawl: How to Tidy It Up

Cloud computing offers indisputable benefits, but with the caveat that it can quickly become a disorganized jumble unless adequately managed. It’s common for the average organization to use dozens of cloud instances, solutions, and resources scattered across multiple platforms. Such off-premises services quickly accumulate to accommodate the company’s ever-growing needs. This uncurbed growth, known as cloud sprawl, creates significant economic and security challenges.

DDoS-as-a-Service: The Rebirth Botnet

In March 2024, the Sysdig Threat Research Team (TRT) began observing attacks against one of our Hadoop honeypot services from the domain “rebirthltdio). The threat actors operating the botnet are financially motivated and advertise their service primarily to the video gaming community, although there is no evidence that this botnet is not being purchased beyond gaming-related purposes, and organizations may still be at risk of falling victim to these botnet attacks.

Growing Attack Surfaces Highlight the Need for Managed Detection and Response Services

One reason organizations have difficulty defending against cyber threats is that their attack surfaces are constantly growing, creating more entry points for bad actors to target. And target they will, creating an onslaught of alerts that drive the need for managed detection and response (MDR) services and other measures to help thwart them. Numerous trends are driving the increase in attack surface, including the proliferation of Internet of Things (IoT) devices.

KnowBe4 Free Tools Now Available On CISA's Website

We are big fans of the U.S. Cybersecurity Infrastructure Security Agency (CISA), whose informal slogan of “An organization so committed to security that it’s in our name twice” is a source of pride. CISA is a non-regulatory government agency dedicated to protecting U.S. and global infrastructure and organizations against malicious hackers and their malware (and other types of threats).