Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On July 24, a group of researchers at Midnight Blue announced TETRA:BURST, a set of five new vulnerabilities affecting the TETRA standard for radio communication.

According to the latest cybersecurity report of CNIL, the French data protection supervisor, France has seen a record of personal data breaches in 2021 — a near 80% increase from 2020. The CNIL carried out strict regulatory measures on French businesses and organizations in 2021, sending 135 formal notices that resulted in €214 million in fines and 18 sanctions. Nine sanctions were for inefficient data security.

Vulnerability disclosure programs (VDPs) are structured frameworks or processes for organizations to document, submit, and report security vulnerabilities to all other relevant organizations. Being ready and able to address vulnerabilities before they become problems is an essential part of any cybersecurity strategy. While VDPs are not currently required by law, the U.S. government encourages vulnerability disclosure programs as a proactive approach to cybersecurity.

The US Federal Bureau of Investigation (FBI) has warned of an increase in tech support scams that attempt to trick users into sending cash via snail mail.

Recently, a team of experts from JumpSEC Labs discovered a vulnerability in Microsoft Teams that allows malicious actors to bypass policy controls and introduce malware through external communication channels. Leaving end-users susceptible to phishing attacks. Microsoft’s advice is to educate end-users to detect phishing attempts. One workaround would be to disable Microsoft Teams collaboration with external organizations.

SecurityScorecard recently joined the World Economic Forum’s Centre for Cybersecurity and UC Berkeley’s Center for Long-Term Cybersecurity (CLTC) for a private, invite-only workshop in Washington, DC alongside global leaders, CEOs, and CISOs to identify trends and insights that will most likely impact cybersecurity in the next decade of 2030 via future-focused scenarios with emerging cybersecurity challenges.

In GitGuardian's first digital conference, CodeSecDays, security leaders from multiple leading companies like Snyk, Chainguard, Doppler, RedMonk, and more came together to share the latest in code and application security.

Selecting an identity management solution is a critically important decision for any software organization. Identity management is a foundational component of good cloud security and can either be an enabler for scalability or a huge technical debt sink. Many organizations start with AWS by quickly throwing together their IAM infrastructure: some users, a few roles, and some policies.

As the fight against ransomware continues, the value of data cannot be understated. Considering what a breach could cost and how long it would take to rectify, it’s no wonder risk mitigation and response is at the forefront of every IT leader’s mind. When discussing data storage, data permanence is often discussed as a way to retain information indefinitely. But when it comes to the threat of ransomware, does the immutability of your backups play such an important role?

Awareness of potential threats is merely the first step; true change is brought about when secure practices become habitual through consistent reinforcement. The focus on cyber security behaviours is pivotal, as it converts theoretical knowledge into routine action. This ensures that employees not only understand the nuances of the threat landscape but also possess the capability to respond effectively during a genuine cyber attack.