The Sysdig Threat Research Team (Sysdig TRT) recently discovered a long-running botnet operated by a Romanian threat actor group, which we are calling RUBYCARP. Evidence suggests that this threat actor has been active for at least 10 years. Its primary method of operation leverages a botnet deployed using a variety of public exploits and brute force attacks.

Achieving and maintaining compliance in the cloud proves challenging for many organizations, as it is a complex, ongoing effort that includes safeguarding sensitive data and ensuring infrastructure resources are correctly configured. Success often hinges on the ability to monitor compliance-related trends over time, enabling organizations to spot risk patterns, gauge their current compliance posture, and adapt as new risks emerge. However, gathering this data can be difficult.

The deadline for achieving complaince with the Digital Operational Resilience Act (DORA) will be here before you know it, with enforcement beginning in January 2025. With Third-Party Risk Management being the central focus of the EU regulation, it’s imperative to cater your TPRM program to the DORA regulation to achieve sustainable compliance. In this post, we outline the DORA requirements related to third-party risk management and explain how to comply with them.

For those only just tuning into this conversation, the EU Commission negotiated and finalized the text of what is called the “General Data Protection Regulation” (GDPR) in December of 2015. This was officially approved as law in April 2016 and comes into effect on May 25, 2018. And, if you’re an organization that does business in the EU or even has customers from those geographies, this could significantly change the way you do business.

I thought it would be a good idea to revisit GDPR, just as a reminder to all of us to take stock and see how ready we are. For the uninitiated, the EU Commission, Parliament, and Commission negotiated and finalized the text of what is called the “General Data Protection Regulation” (GDPR) in December of 2015. This was officially approved as Law in April 2016 and goes into effect on May 25, 2018.

Microsoft’s Active Directory (AD) has been a mainstay of information systems for over 20 years, but it was intended for a different era of computing and business requirements. Its persistence affects IT’s agility, impacts security posture, and limits IT’s capacity to provide the best-of-breed tools that employees expect.

Digital transformation initiatives and the adoption of cloud, mobile, and remote work models have eviscerated the traditional security perimeter. Enterprise assets are distributed across the cloud, endpoints, mobile, and personally owned devices and expanded the attack surface in the process. Organizations are increasingly vulnerable to attack via unknown and unmanaged Internet-facing assets.

CrowdStrike’s mission is to stop breaches. We continuously research and develop technologies to outpace new and sophisticated threats and stop adversaries from pursuing attacks. We also recognize that security is best when it’s a team sport. In today’s threat landscape, technology collaboration is essential to deploy novel methods of analysis and defense.

Securing custom applications in a sea of vulnerabilities is daunting. To make the task even more challenging, the threat to applications continues to grow: 8 out of the top 10 data breaches last year were related to application attack surfaces.1 This blog details two effective strategies for identifying vulnerabilities in custom software applications so they can be quickly addressed.