Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the domain of software testing and security analysis, fuzzing has emerged as a powerful technique for uncovering vulnerabilities and enhancing the resilience of software systems. Microsoft and Google have been using fuzzing for ages. They were early adopters of fuzzing technologies to test their own systems. Since launching in 2016, Google's OSS-Fuzz, a free fuzzing platform for critical open-source projects, has helped fix over 8,800 vulnerabilities and 28,000 bugs across 850 projects.

On March 29, 2024, a security researcher disclosed the discovery of malicious code in the most recent versions of XZ Utils data compression tools and libraries. The code contained a backdoor, which a remote threat actor can leverage to break sshd authentication (the service for SSH access) and gain unauthorized access to the system, potentially leading to Remote Code Execution (RCE).

The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organisations’ IT networks in the US and is preparing “disruptive or destructive cyber attacks” against communications, energy, transport, water and waste water systems.

Today, consumers can shop, sell, research, and work using their smartphones. Advancements in technology have made it possible for users to complete countless transactions through their phones anywhere and anytime. One of the most common phone scams targeting modern consumers is subscriber identity module (SIM) swapping. This short guide will outline the dangers of this subtle attack on devices and how consumers can protect themselves.

A comprehensive guide to the basics of IAM, its benefits, and best practices.

Explore ATLSECCON 2024: a journey through mindfulness, risk management, Active Directory security, understanding containers, and more in the far North of Halifax.

In our always-online world, we're facing a new kind of cyber threat that's just as sneaky as it is harmful: subtextual attacks. These aren't your run-of-the-mill security breaches; they're cunningly crafted messages that may look harmless—but they actually carry a dangerous payload within them. Join me as we take a closer look at this under-the-radar, but still dangerous, threat.

The financial industry is making new moves, with tokenization projects coming to light to bring traditional assets into the public blockchains and increasing their distribution and liquidity. The trend gained momentum with the issuance of bonds and other funds in the last 12 months.

Achieving and maintaining compliance in the cloud proves challenging for many organizations, as it is a complex, ongoing effort that includes safeguarding sensitive data and ensuring infrastructure resources are correctly configured. Success often hinges on the ability to monitor compliance-related trends over time, enabling organizations to spot risk patterns, gauge their current compliance posture, and adapt as new risks emerge. However, gathering this data can be difficult.

The cybersecurity domain mirrors the physical space, with the security operations center (SOC) acting as your digital police department. Cybersecurity analysts are like the police, working to deter cybercriminals from attempting attacks on their organization or stopping them in their tracks if they try it. When an attack occurs, incident responders, akin to digital detectives, piece together clues from many different sources to determine the order and details of events before building a remediation plan.