When it comes to cyber resilience, Security Validation is emerging as the linchpin. Security teams face ever-more potential risks as their organization’s attack surfaces expand across diverse IT environments. Amid this challenge, the process of risk-based prioritization is more important than ever. However, prioritization alone falls short of the mark.

The latest example of an advanced persistent threat exploiting a legitimate cloud service to deliver a malicious payload was recently unearthed by researchers at Trend Micro.

Faced with year-on-year rising attack figures, law enforcement have struggled to adapt to the immense task of preventing ransomware and cyber extortion. By tracking and analysing attacker reported victim data, we seek to explore the significance of Lockbit’s recent takedown in the context of prior disruption efforts.

Late last year, the Computer Emergency Response Team of Ukraine (CERT-UA) released an advisory that reported cyberattacks targeting Ukrainian state organizations attributed to the Kremlin-backed nation-state group APT28, aka Fancy Bear/Sofacy. The advisory listed the use of a new backdoor named “OCEANMAP,” detailed in this whitepaper.

Digitalization has revolutionized bureaucratic processes as a whole. Like other sectors, public bodies across the world have adopted web-based software and support to increase the efficiency of their operations.

Professionals in the cybersecurity industry have much to consider regarding the various approaches and types of tooling required to keep their organizations secure. There are significant known cybersecurity threats and a constant danger of new “zero-day” vulnerabilities. One comprehensive strategy growing in popularity for mitigating the associated risks generated by these threats and vulnerabilities is Attack Surface Management (ASM).

Researchers predict a 25% rise in CVEs, TimbreStealer malware spreads through phishing, and Proofpoint releases its 2024 State of the Phish report.

Highlighting the critical need for improved maintenance practices among users of open source software, the new 2024 “Open Source Security and Risk Analysis” (OSSRA) report catalogs security concerns caused by the significant lag many organizations have in keeping the open source components they use up-to-date.

For defense contractors, cybersecurity is a non-negotiable priority. The Cybersecurity Maturity Model Certification (CMMC) program outlines rigorous assessment and affirmation requirements for contractors and subcontractors. Let’s dive into the key elements that shape this crucial aspect of CMMC compliance.

Organizations should implement the principle of least privilege to protect their sensitive data from unauthorized access. To implement the principle of least privilege, organizations need to define roles and permissions, invest in a Privileged Access Management (PAM) solution, enforce MFA, automatically rotate credentials for privileged accounts, segment networks and regularly audit network privileges.