On March 29, 2024, a security researcher disclosed the discovery of malicious code in the most recent versions of XZ Utils data compression tools and libraries. The code contained a backdoor, which a remote threat actor can leverage to break sshd authentication (the service for SSH access) and gain unauthorized access to the system, potentially leading to Remote Code Execution (RCE).

The financial industry is making new moves, with tokenization projects coming to light to bring traditional assets into the public blockchains and increasing their distribution and liquidity. The trend gained momentum with the issuance of bonds and other funds in the last 12 months.

Explore ATLSECCON 2024: a journey through mindfulness, risk management, Active Directory security, understanding containers, and more in the far North of Halifax.

Each year, our "Open Source Security and Risk Analysis” (OSSRA) report highlights the fact that open source software (OSS) plays a critical and substantial role in modern application development, and it is therefore foundational to the software supply chain. The prevalence of OSS within commercial applications makes it difficult to track, and that makes it difficult to manage the risk that it may introduce.

I have been in the cybersecurity industry for over 35 years and I am the author of 14 books and over 1,400 articles on cybersecurity. I regularly speak with thousands of cybersecurity practitioners each year. Nearly every day, I see (good) cybersecurity advice, but some of it is just a bit shy of what is needed…such as “Use MFA!”. That is good advice, but is not specific enough. It does not give enough detail. There is a slight adjustment needed to get the most benefit.

In this week’s episode of The Future of Security Operations podcast, I'm joined by Adam Khan. Adam is a cybersecurity and technology leader with over 25 years of experience working at Fortune 500 companies. He has a proven track record of building and managing global security teams, leading engineering, infrastructure, application, and product, and is currently VP of Global Security Operations at Barracuda.

NIST released the much-anticipated update to its popular Cybersecurity Framework (CSF) in February 2024. The NIST CSF is one of the most widely used cybersecurity frameworks, designed to help organizations of any size in any industry holistically start, mature, and sustain a cybersecurity program. The latest version of the NIST CSF—NIST CSF 2.0—brings several enhancements over the previous version. This article will cover what you need to know about the new NIST CSF 2.0.

In an era where data breaches and privacy concerns are increasingly shaping global discourse, India's proactive stance on data protection is noteworthy. Introducing the Digital Personal Data Protection (DPDP) Act 2023 marks a significant milestone in India's legislative landscape. This groundbreaking Act fortifies individual data privacy rights and aligns India with global cybersecurity and data protection standards, setting a new benchmark for regulatory compliance.

The cybersecurity domain mirrors the physical space, with the security operations center (SOC) acting as your digital police department. Cybersecurity analysts are like the police, working to deter cybercriminals from attempting attacks on their organization or stopping them in their tracks if they try it. When an attack occurs, incident responders, akin to digital detectives, piece together clues from many different sources to determine the order and details of events before building a remediation plan.

Who’s responsible for regulating technological change in a democracy?