Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Over the last two decades, the M365 service capabilities have developed rapidly and have evolved into a more complex version. In addition, the Security & Compliance Centre has rapidly expanded in response to the rising sophisticated attacks. Office 365 user numbers have reached approximately a whopping 345 million," broadly aligning with the 17% y-o-y increase in commercial revenue.

Reliable electricity is essential to the convenience of modern life, and also functions as a crucial contribution to America’s economy and level of comfort. Yet citizens take it for granted, rarely thinking about it much.

On Tuesday, March 7, 2023, Fortinet published a security advisory detailing an unauthenticated remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-25610). The vulnerability was internally discovered by Fortinet, and exploitation has not been observed in the wild at this time. A proof of concept (PoC) exploit has not been published publicly for this vulnerability at this time.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. An unfortunate (aren’t they all?) breach at Acer. With the the UEFI rootkit discovery last week, I wonder if they were poking around for another vendor implementation?

California Consumer Privacy Act is a data privacy regulation introduced to protect the privacy of personal data and uphold the rights of consumers. So, it is an obligation for organizations to achieve and maintain CCPA Compliance if they are dealing with the personal data of citizens of California. However, now CCPA will soon be replaced with the latest version which is known as the California Privacy Right Act (CPRA).

A few weeks ago, we had the pleasure of exchanging with Ezequiel Rabinovich, Lemontech's CTO, about how his teams use GitGuardian to protect their secrets.

Every day, thousands of companies download updates to their software. With a click of a button, they can walk away and return the next morning with everything reorganized and in order. While a staple of modern life, this action is no longer completely harmless. It is now one of many attacks that bad actors use to access systems and execute supply chain attacks.

As cybercrime continues to grow and organizations digitize, understanding cybersecurity and how to improve one’s security posture becomes paramount. Unfortunately, the firewall has dissolved and tools alone, though helpful, can’t protect environments when public sector organizations are understaffed, underfunded, and struggling to maintain compliance.

When I talk to customers and partners about Cloud Threat Exchange (CTE), I immediately say, “I’m not in marketing, and didn’t see the future—so I misnamed the module. I should have named it Cloud Data Exchange.” Why do I say this? Because, as Netskope and Cloud Exchange have matured, the number of use cases the module can fulfill has naturally grown beyond the initial vision. How so?

DC Health Link is part of the Affordable Care Act online marketplace of health insurance plans. The service provides health care to members of Congress as well as many staff members throughout Capitol Hill. This healthcare service was recently the victim of a cyber attack and suffered a serious data breach that exposed hundreds of politicians and Capitol Hill staff members.