Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As digital transformation expands the threat landscape, compliance mandates adapt to meet new challenges. In 2020, the European Commission announced its decision to accelerate its revision of the Directive on Security of Network and Information Systems (NIS2). When carrying out its impact assessment, the Commission realized that it needed to update the NIS Directive in response to new risks.

In the past 6 months, our security research team disclosed 24 critical vulnerabilities. Most have been successfully remediated. Our team's contributions to cybersecurity have been formally recognized, with our researchers being listed in both Bayer's and Oracle's Security Researcher Hall of Fame.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! The awe I have for those able to dig this deep increases further. Also does the concern at what nefarious uses it can be put to.

Today’s businesses rely on third-party vendors, contractors, and partners to operate efficiently more than ever. But every external connection introduces a risk—especially when it comes with overly permissive access. If not properly managed, this can become a significant vulnerability. Attackers know this, and they actively exploit these weak points.

We know it's confusing: uncover the key differences between IT asset management and inventory systems, and learn how combining both into one comprehensive solution optimizes your asset inventory strategy for success.

I still vividly remember the pain and anguish of inefficient, manual client onboarding processes, even though it’s been a few years since I transitioned from being a financial advisor to leading Egnyte’s wealth management and buy-side practice. The mountains of paperwork. Ugh. The endless back-and-forth with clients and the new business department because something was forgotten or not filled out correctly. Ugh. The constant worry of maintaining compliance. Double ugh.

The new 1Password Community launches today! Whether you use 1Password at work or at home, the new Community is a space for you to connect with peers, share your knowledge, and get even more out of your 1Password experience.

With the dynamic start of the new US Presidential Administration, on the heels of our global annual kick-off, and with colleagues across our offices starting Lunar New Year celebrations last week, it’s a good time for Fireblocks to share our outlook on digital assets policy for the rest of the year. Years in our industry are often unprecedented.

As a part of our ongoing work to secure cloud computing infrastructure, we delved into the inner workings of some popular Kubernetes add-ons. Our first subject of research was Istio, a popular service mesh add-on. Istio is an open-source service mesh for Kubernetes that manages communication between microservices. It provides traffic management, security, and observability features without requiring code changes.

The Network and Information Systems Directive 2 (NIS2) is the European Union’s effort to fortify cybersecurity across critical industries and services. Building on the original NIS Directive, NIS2 has broadened its scope, introduced stricter requirements, and placed greater emphasis on supply chain security. Now that the October 2024 transposition deadline has passed, organizations must focus on maintaining compliance and integrating robust cybersecurity measures into their operations.