Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Summertime often means vacation time—a chance to rest, relax, and dive into some good reading. But for those of us in cybersecurity, truly disconnecting can be a challenge. It’s crucial to stay updated on the latest news and developments within the industry. To help you keep up, we’ve compiled a list of “must-read” cybersecurity content to add to your summer reading list. Here are our top picks for the first half of 2024, complete with a brief summary of each.

We’re in an era of connectivity and convenience, but this has also opened the floodgates to a new wave of cyber threats. Among the most insidious and pervasive is credential stuffing, a cyberattack that exploits the human tendency to reuse passwords across multiple online accounts. This threat is more than just a digital inconvenience. Verizon’s 2024 Data Breach Investigations Report reveals that more than 49% of breaches caused by external actors involve stolen credentials.

Intellectual property (IP) is the intangible property belonging to a company, such as its designs, creative expressions, inventions, or trade secrets. Intellectual property theft leads to serious financial damage for a company, including decreased business growth and loss of competitive edge. Sometimes, companies aren’t even aware that their IP has been stolen, making tracking IP theft difficult. Even though it’s a federal crime, only a small percentage of all IP theft cases are reported.

A week before RSA 2024, Forrester predicted which subjects and themes would come to the forefront of the conference. They emphasized that we’d see a focus on proactive security, defined as “a strategic approach to controlling security posture and reducing breaches through strong visibility, prioritization, and remediation.” I went into the conference with this prediction in mind. However, I was surprised by what I found.

On June 20th, 2024, the Department of Commerce's Bureau of Industry and Security (BIS) announced the prohibition of Kaspersky Lab, Inc., the U.S. subsidiary of a Russia-based anti-virus software and cybersecurity company, from directly or indirectly providing anti-virus software and cybersecurity products or services in the U.S. or to U.S. persons. The prohibition also applies to Kaspersky Lab, Inc.’s affiliates, subsidiaries, and parent companies.

Continuing our interview series with influential figures in the technology sector, we are pleased to welcome Shannon Walker, Executive VP of Strategy at Case IQ, a workplace investigation tool that provides comprehensive risk management features for businesses around the world.

The MD5 cryptographic hash function was first broken in 2004, when researchers demonstrated the first MD5 collision, namely two different messages X1 and X2 where MD5(X1) = MD5 (X2). Over the years, attacks on MD5 have only continued to improve, getting faster and more effective against real protocols. But despite continuous advancements in cryptography, MD5 has lurked in network protocols for years, and is still playing a critical role in some protocols even today.

Welcome to the 18th edition of the Cloudflare DDoS Threat Report. Released quarterly, these reports provide an in-depth analysis of the DDoS threat landscape as observed across the Cloudflare network. This edition focuses on the second quarter of 2024. With a 280 terabit per second network located across over 230 cities worldwide, serving 19% of all websites, Cloudflare holds a unique vantage point that enables us to provide valuable insights and trends to the broader Internet community.

The Defense Information Systems Agency (DISA) is a Department of Defense (DoD) service provider that supplies a global information-sharing architecture for all DoD members "from the President on down." Their cybersecurity measures are among the best in the world.

As one of the leading platforms for distributed version control, Bitbucket is a hub that helps DevOps teams collaborate on code. This critical data, including source code, digital data, and we shouldn’t forget metadata that helps them to see the full picture of their work, is vital for their operations and business continuity. So, should they have the possibility to seamlessly import this data from Bitbucket and export to Bitbucket? The answer is yes.