2023 was a landmark year for BoxyHQ's SAML Jackson project, marked by a series of innovative updates that have redefined how we approach Single Sign-On (SSO) and Directory Sync. In this roundup, we celebrate not just our achievements but the invaluable contributions of our vibrant community.

Within the realm of security operations, teams face an array of hurdles, with resource limitations standing out as a significant obstacle. At ThreatQuotient, we empathize with these challenges, and our ethos revolves around a data-driven approach to threat intelligence management. Our primary aim is to channel the precise data to the appropriate systems and teams, precisely when needed, amplifying the efficiency and efficacy of security operations to tackle these challenges head-on.

If you follow cloud security, you know the market can be challenging to navigate, as security needs are often complex, span multiple teams, and demand new processes to pair with the expanding roster of technologies Fortunately, the market is starting to mature and coalesce around unifying cloud security technologies that bring together visibility across cloud infrastructure, containers, hosts, and identities.

The stakes couldn’t be higher for financial services organizations. They have to protect customers’ money and privacy, while complying with technical requirements and governmental regulations. Complying with all those requirements poses a major, ongoing challenge for security teams, which are already under pressure to do more with less. Cybercrime continues to grow, with every industry falling victim, at one time or another.

Netskope continues to advance inline threat protection capabilities and has improved its detection and blocking of malware and phishing attacks while also lowering and improving its false positive rate in the latest AV-TEST Report. In every part of the testing, Netskope improved.

DevOps has been a top choice of development professionals since 2022, and its position has been retained until now. However, it has undergone numerous changes and advancements in this time frame. Due to this, 2024 will be a highly dynamic year, as all the upgrades will be implemented and used for improved software development, testing, security configuration, and maintenance. DevOps trends include every required technology from AI and ML to version control mechanisms.

With the introduction of new technologies, every sector has improved and increased its potential and productivity. Similarly, the software development landscape has undergone several advancements, among which the CI/CD pipeline is highly trending and used today. It has been over a couple of years since software development companies implemented the CI/CD concept. But, still, there are some questions, doubts, and queries roaming around about it.

In the era of cloud computing, Kubernetes has emerged as a true cornerstone of cloud-native technologies. It’s an orchestration powerhouse for application containers, automating their deployment, scaling, and operations across multiple clusters. Kubernetes isn’t just a buzzword; it’s a paradigm shift that underpins the scalability and agility of modern software.

In mid-December 2023, Volexity observed UTA0178–a potential Chinese nation-state threat actor–leveraging two zero-day vulnerabilities in Ivanti Connect Secure (formerly known as Pulse Connect Secure) VPN appliances to steal configuration data, modify and download files, establish a reverse tunnel, and ultimately place webshells (GLASSTOKEN) on multiple internal and external-facing web servers.

On January 10, 2024, Cisco disclosed a critical vulnerability, CVE-2024-20272, with a CVSS score of 7.3, in their Cisco Unity Connection software. This vulnerability allows an unauthenticated remote attacker to upload arbitrary files and execute commands on the underlying operating system. Cisco has released a patch to address the issue.