EO 14028 is bringing a lot of new security documentation requirements with it. Here's how SCA can help with creating that documentation.

In the realm of modern enterprise productivity suites, Copilot for Microsoft 365 stands as a huge driver for efficiency, offering business users the ability to aggregate, summarize, and process data within the M365 suite of tools. However, for organizations with diverse infrastructure and applications, and the need for real-time data interactions, the out-of-the-box functionality requires augmentation to reach its full potential, not to mention secure controls for Copilot for M365.

Passwords can often feel like the bane of our existence. They're necessary for practically every app, website, and device we engage with, demanding our constant attention and memory. Managing the multitude of passwords required for our daily routines can be overwhelming. And this is why we are all guilty of not managing passwords properly.

Do you know almost 88% of companies experience unplanned outages due to expired certificates? Given these big numbers, ensuring the safety and reliability of software with code-signing certificates is vital. However, when a code signing certificate is compromised, it can pose significant risks that can undermine the trustworthiness of software distributed to users. In this blog, we are going to discuss all those risks and challenges, along with some tips on how to overcome them. Let’s begin!

A ticket in cybersecurity is a set of credentials used to authenticate users. A silver ticket is a forged ticket an unauthorized user creates. With this forged silver ticket, threat actors can launch a cyber attack that involves exploiting the weaknesses of a Kerberos authentication system. In this system, a Ticket Granting Service (TGS) serves as the credential token, granting authorized users access to particular services.

Nowadays, with more organizations and individuals relying heavily on third-party software to execute their high-priority and covert tasks, the risks of data breaches or cyber-attacks are becoming a serious issue. A cyber attack is basically an attempt by cybercriminals, hackers, or other digital adversaries to access a computer network or system with a willingness to expose, alter, steal, or destroy your million-dollar information.

CVE-2024-3094 is a critical backdoor vulnerability found in the XZ Utils open-source library. The vulnerability was caused by a malicious code injected into the library by one of the maintainers. The vulnerability allows remote attackers to execute any desired code on systems with exposed SSH packages.

Newly-released data highlights our worst fears about the prevalence of phishing, and some glimmer of hope that the good guys may be winning the fight. Every quarter, the Anti-Phishing Working Group puts out a Phishing Activity Trends Report to highlight the changes in phishing attacks, including the number of campaigns, attacks, targets, and brands impersonated. The focus of the report covering 4th Quarter 2023 was the significant dip in the number of attacks in Q3 of last year.

Sysdig and Tines have joined forces to provide an integrated detect, triage and respond solution that enhances cloud security. This partnership combines Sysdig’s expertise in Runtime Insights with Tines’ robust orchestration and automation features. The result is a powerful solution that enables DevSecOps, Operations, and SOC teams to streamline security workflows, shorten response times, and stay ahead of security incidents.

The FBI has named Business Email Compromise (BEC) a $26 billion scam, and the threat is only increasing. Business email compromise (BEC) is a type of cybercrime in which a threat actor uses an email information-seeking scam to target a business to defraud the entire organization. Using social engineering techniques, BEC often occurs over fraudulent emails.