The role of information security in modern enterprises is evolving like never before. Security will need to improve third-party oversight as organizations increasingly depend on outsourcing models for scale flexibility, efficiency, and cost savings. It will also need to do a better job of balancing security requirements (e.g., regulatory compliance, risk management) against business objectives (e.g., user experience, network performance, reducing costs).

Over the past weekend, on June 2, Atlassian published a security advisory regarding a zero-day vulnerability in all versions of the Confluence Server and Data Center that is already being exploited in the wild. The critical severity vulnerability has received the ID of CVE-2022-26134 and a threat actor can exploit this vulnerability in order to perform unauthenticated remote code execution (RCE).

In our sixth episode of the Future of Security Operations podcast, Thomas speaks with Niall Heffernan, Head of Security at Cygnvs, a former Senior Manager of Information Security at Informatica, and a Lecturer for BSc, HDIP, PGDip, and MSc students studying in the Cybersecurity courses at the National College of Ireland.

Great things happen when the academic world and the software industry work together! Today, we’d like to share a story about our recent collaboration with the CISPA Helmholtz Center for Information Security, a big science institution in Germany. Back in January, Cris Staicu Ph.D. (Tenure-Track Faculty, CISPA), contacted us about his research on NodeJS and JavaScript.

One of the universal truths in technology is that security always lags behind innovation. Companies must move quickly as they seek to innovate, increase efficiencies and be disruptive in ever-crowded markets. Living on the bleeding edge means you will get a few cuts, but the risk of not adopting new technologies is greater than those of a few system failures or breaches. One challenge is that it is often not apparent what new risks exist until boundaries are pushed.

There has been a lot of talk recently about cyber resilience. There is no doubt that the ability to bounce back from a security event is important, however, all of the resiliency banter seems to be happening at the peril of sound risk management processes. It is safe to say that the path to resilience is paved with risk management.

Recall the last time that you stood on the shore, enjoying the briny breeze that gently caressed your skin, and the sounds and smells of the sea. You may have noticed in the distance a large sailing vessel. Have you ever considered all the moving parts that contribute to these “floating cities”? Beyond the logistics of setting out to sea, a ship contains an impressive array of communication devices and capabilities.

Trustwave SpiderLabs is tracking the critical-rated zero-day vulnerability CVE-2022-26134. Threat actors are reported to be actively exploiting this vulnerability in the wild. Atlassian disclosed and issued guidance for CVE-2022-26134 on June 2. Trustwave is diligently watching over our clients for exposure and associated attacks and working closely with our clients to ensure that mitigations are in place.

Trustwave SpiderLabs is tracking the critical-rated zero-day vulnerability CVE-2022-30190. Threat actors are reported to be actively exploiting this vulnerability in the wild. Microsoft disclosed and issued guidance for CVE-2022-30190 on May 30. Trustwave is diligently watching over our clients for exposure and associated attacks and working closely with our clients to ensure that mitigations are in place.

The software supply chain remains a weak link for an attacker to exploit and gain access to an organization. According to a report in 2021, supply chain attacks increased by 650%, and some of the attacks have received a lot of limelight, such as SUNBURST in 2020 and Dependency Confusion in 2021.