New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk. In cybersecurity vendor ReliaQuest’s Annual Cyber-Threat Report: 2024, there is a ton of great detail mapped to the MITRE ATT&CK Framework outlining which threat actions are used and how organizations are most effectively fighting back and stopping attacks.

In the rapidly evolving AI landscape, the principle of least privilege is a crucial security and compliance consideration. Least privilege dictates that any entity—user or system—should have only the minimum level of access permissions necessary to perform its intended functions. This principle is especially vital when it comes to AI models, as it applies to both the training and inference phases.

Major shifts in application development are creating new and significant security risks. Continuous integration/continuous delivery (CI/CD) pipelines and technology advances like automation and AI mean the development process is now so complicated and fast-moving that corporations, DevOps directors, and security groups struggle to understand and manage it, let alone defend it from assaults.

The European Union’s Network and Information Systems Directive 2 (NIS2) is a big deal for improving the EU’s cybersecurity stance. Kicked off in January 2023—with a compliance deadline of October 18, 2024—the Directive is designed to beef up cyber defences across key sectors.

One of the critical challenges for organizations today is securing their data. Organizations must incur the cost associated with proper design, development, and maintenance of systems and their appropriate safeguarding and monitoring. One way to reduce and optimize these costs is to choose tools that operate in a Software-as-a-Service model. Choosing tools in such a model helps shift some of the responsibilities and costs to the vendor.

In any organization, unrestricted access to systems and resources poses significant security risks. Recent cybersecurity events have shown that attackers will target any organization of any size. The most common attack vector is through unauthorized access to a legitimate account, often preceded by a phishing technique. To protect against unauthorized access, it's essential to establish rules and policies for authenticating and authorizing users.

Nearly 50 million healthcare records were compromised in 2022, highlighting a dire need for proactive data security measures in this rapidly evolving digital landscape. For healthcare entities storing ePHI (Electronic Protected Health Information), a comprehensive HIPAA Risk Assessment is a foundational step towards protecting sensitive data and ensuring compliance. Furthermore, establishing robust Business Associate Agreements (BAAs) is a HIPAA mandate; failure to do so invites substantial penalties.

A contributor to the liblzma library (a compression library that is used by the OpenSSH project, among many others) submitted malicious code that included an obfuscated backdoor. Since the maintainers had no reason to suspect foul play, they accepted and merged the contribution. The malicious code made it into the compression library release, and later on to the OpenSSH server, which relies on the library in question.

Researchers discover a new version of the Tycoon 2FA AiTM kit, a phishing attack disguises keylogger as bank payment notice, and TheMoon malware targets ASUS routers.

My perspective on how GitGuardian approaches the cybersecurity market with a focus on the long game.