Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Welcome back to our ongoing series on the Payment Card Industry Data Security Standard (PCI DSS). In our previous posts, we’ve covered the various requirements of this critical security standard. Today, we’re going to delve into Requirement 4, which focuses on protecting cardholder data with strong cryptography during transmission over open, public networks.

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library – CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities.

Recent ransomware attacks on European organizations have attracted significant attention, primarily due to the involvement of threat actors with Russian connections or origins. Of particular concern is the latest attack on an IT service provider, which has had a profound impact on Swedish companies, government agencies, and municipalities.

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news, and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team.

Many organizations have made the decision to use Microsoft products. Their users appreciate the integrated applications provided by M365 and have grown comfortable with them over years of use. However, many administrators find Microsoft products unnecessarily complex to configure and maintain. In addition, some security and governance capabilities are either difficult to configure or simply don’t exist with Microsoft.

Identity Threat Detection and Response (ITDR) is one of many aspects of an effective identity security program. Yet despite what some detection and response-focused vendors may argue, ITDR is not a silver-bullet solution to prevent identity-centric attacks. Such a thing doesn’t exist. In fact, modern data breaches, industry analyst perspectives and compliance requirements make it crystal clear that organizations need more than ITDR to build an identity security program.

Each year, the National Cybersecurity Alliance celebrates Data Privacy Week to emphasize the importance of safeguarding personal data. As companies continue to focus on their organization’s digital transformation, it enables them to collect more personal information about individuals that use their services. Let’s face it, your online activity including apps on your phone are collecting an endless amount of data about you.

Today’s modern supply chains can be large and complex, involving many suppliers doing many different things. As digital transformation initiatives have accelerated, the ecosystem of suppliers has exploded. Effectively securing the supply chain is hard because vulnerabilities can be inherent, or introduced and exploited, at any point in the supply chain. Unfortunately, a compromised software supply chain can cause significant damage and disruption.

Medusa ransomware pivots to extortion, Infostealers evade macOS anti-malware, and the FBI and CISA issue a joint advisory for Androxgh0st malware.

CI/CD pipelines can be exploited in a number of ways and we're going to share a few with you.