In today's digital age, the prevalence of cyber attacks has become a major concern for organizations across various industries, with higher education institutions particularly vulnerable. As the volume and complexity of cyber threats continue to escalate, there is a growing need for innovative solutions to bolster cybersecurity defenses.

Dynamic Application Security Testing (DAST), sometimes referred to as “pentesting in a box”, tests running code for a variety of issues that can’t easily be found by analyzing code with static scanning tools. DAST tools are platform and language agnostic—as long as you have a website or API they can connect to, they’ll get the job done, and find real vulnerabilities in the same places an attacker would.

Docker Zombie Layers are unreferenced image layers that continue to exist for weeks in registries, even after being removed from a manifest. In this hands-on deep dive, we explore how these layers can persist in registries and why ensuring the immediate revocation of exposed secrets is critical.

Unfortunately, it will often take some kind of disaster in the business world before a government takes action to prevent it from happening again. It’s only when significant data breaches happen that states implement compliance laws to avoid mishandling data; in this case, SOX compliance has a similar backstory. In the early 2000s, the collapse of corporate giants Enron, Tyco, and WorldCom exposed flaws in corporate accountability, leading to widespread fraud and massive investor losses.

The second Network and Information Systems Directive (NIS2) will come into effect on 17 October 2024. This is the date by which all EU member states must implement the directive into national law. Not far behind is the Digital Operational Resilience Act (DORA), an EU regulation which came into force on 16 January 2023 but is effective 17 January 2025.

Trustwave's Threat Intelligence team has discovered a new malware dubbed Pronsis Loader, with its earliest known variant dating back to November 2023. This loader shares similarities with the D3F@ck Loader , which surfaced in January 2024. Pronsis Loader has been observed delivering different malware variants, including Lumma Stealer and Latrodectus as its primary payloads. Additionally, the team identified infrastructure linked to Lumma Stealer during the investigation.

After almost a decade in business, we’ve had the opportunity to watch the software development industry change dramatically. Developers work with more moving parts than ever, relying on technologies like third-party resources and AI coding assistants to release sophisticated software on tight deadlines. While we’ve been talking about the relationship between development and security for the past decade, the DevSecOps conversation has shifted quite a bit.

Mitigating risk based on the threat landscape is a complicated yet essential part of being a CISO, which is why threat reports like the 2024 Elastic Global Threat Report are a huge help for me. In addition to providing an in-depth understanding of what’s happening, threat reports also offer a quick overview of what needs to be explained or communicated to the rest of the organization.

In the ever-evolving landscape of cybersecurity threats, the DragonForce ransomware group has quickly become a serious menace to organizations worldwide. First discovered in August 2023, DragonForce has made headlines by leveraging two powerful ransomware variants—a fork of the infamous LockBit3.0 and a modified version of ContiV3.