Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The months leading up to audits can be some of the most stressful for security and privacy teams. Some audits can take up to 9 months to prepare for and another 3 months to complete, with security and privacy teams spearheading the evidence collection. Collecting evidence used to be a walk in the park, but that was before multi-cloud environments, new standards, and emerging regional privacy requirements.

Bring Your Own Device, better known as BYOD, is when employees can use their personal devices on a company’s network to complete their work tasks. Companies sometimes prefer their employees to use their own devices because they save money on providing technology and resources. Despite this financial benefit, companies should recognize the security risks BYOD can bring to their employees and organizations.

New analysis shows users can be convinced to copy and paste malicious code on behalf of the attacker. I first saw this kind of attack earlier this month – where the user is asked to launch the Run dialog box and paste in a malicious command. I never thought I'd see something similar again, but I was wrong.

A report from Darktrace has found that 62% of phishing emails in the first half of 2024 were able to bypass DMARC verification checks in order to reach users’ inboxes. “Building on the insights from the 2023 End of Year Threat Report, an analysis of malicious emails detected by Darktrace / EMAIL in 2024 underscores the implication that email threats are increasingly capable of circumventing conventional email security tools,” the report says.

In the rapidly evolving cybersecurity landscape, alignment between business priorities, IT, and cybersecurity strategies is crucial for organizational resilience. However, the 2024 LevelBlue Executive Accelerator, based on the 2024 LevelBlue Futures Report, reveals a significant disconnect among technology-related C-suite executives—CIOs, CTOs, and CISOs. This disconnect highlights how their divergent roles and priorities can lead to misalignment with broader business objectives.

CrowdStrike is aware of inaccurate reporting and false claims about the security of the Falcon sensor. This blog sets the record straight by providing customers with accurate technical information about the Falcon sensor and any claims regarding the Channel File 291 incident. CrowdStrike has provided a Technical Root Cause Analysis and executive summary that describes the bug in detail.

Tectonic shifts are occurring across the cyber landscape, and organizations are increasingly turning to Microsoft as a cornerstone of their security strategy. At Trustwave, we have been at the forefront of this trend, partnering with Microsoft for years to deliver unparalleled security solutions and outcomes for our clients. Microsoft 365 E5 has become a compelling option for many organizations due to its robust suite of productivity tools and integrated security features.

Running tests against your security controls and other systems is a critical aspect of protecting your organization from a potential data breach and ensuring that you maintain compliance. Vanta’s platform has automated tests with continuous monitoring that run on an hourly basis against your controls as well as customized tests that you can adapt to your organization's needs.

On the day that Splunk officially became part of Cisco, our leadership outlined key ways we’d come together to support customers to achieve business-critical outcomes, noting: In the short time since then, we’ve already made significant strides, demonstrated by our announcements of: As we continue to build on this momentum, we’re excited to announce the availability of Cisco Talos Incident Response services to Splunk customers.

Threats to digital asset security are constantly evolving. That’s why having a robust disaster recovery (DR) plan is a necessity for institutions in this space. Ensuring business continuity and safeguarding against potential disruptions is paramount when it comes to maintaining trust, integrity, and the seamless operation of services. Counterparty risk continues to be a primary concern for institutional digital asset investors.