The stereotype of the government as a slow-moving behemoth is not ill-fitting, but when it makes adjustments and changes, it does so with deliberation and intent. An excellent example is the ongoing development and evolution of things like security standards. Technology moves much, much faster than the government can respond to or that even most businesses could adjust to without a significant investment or a time delay.

Welcome to our post-release article where we share the latest GitProtect enhancements and new features launched with version 1.7.5. We start with big changes first!

Dive into our highlights from HackSpaceCon 2024, covering red teaming, AI, and securing critical infrastructure to prepare for ever-evolving cyber threats.

The concept of enterprise-wide ad blocking always provokes a powerful response. Whenever I suggest, even casually, that the next step organizations should take to improve cybersecurity posture is implementing enterprise-wide ad blocking, I can hear the collective screams of sysadmins and help desk personnel everywhere — Websites could have compatibility issues! How will we manage it? Users won’t understand! It could be a help desk nightmare! And you know what? They are absolutely right.

In the increasing digitisation of essential services, governments worldwide have been enacting legislation to ensure the protection of vital systems. Australia is like no other, and as we in cybersecurity are all aware, the Security of Critical Infrastructure Act 2018 (SOCI Act) stands as a crucial piece of legislation aimed at safeguarding our nation.

In recent years, breach and attack simulation (BAS) has gained significant traction among enterprises, emerging as a crucial component in fortifying proactive security by automating the ongoing testing of threat vectors. It empowers organizations to verify potential threats, enhance security controls, identify vulnerabilities in critical assets, and prioritize remediation efforts to bolster cyber resilience.

Credential theft is one of the most common methods used by cybercriminals to gain unauthorized access to an organization, according to Verizon’s 2023 Data Breach Investigations Report. Credential theft places organizations at a greater risk of data breaches, so steps must be taken to prevent it.

A recent survey from Gartner forecasts that worldwide end-user spending on public cloud services will total $679 billion in 2024, and that number is expected to jump to $1 trillion in 2027. Businesses left and right are moving to the cloud. But as they make their move, the old ways of protecting data—like building a virtual wall around your data (“perimeter security”)—are proving inadequate.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! I think the moral of this story is, if you receive an unexpected alert from service you’ve had a long time and wasn’t informed this was a new feature; treat with caution.

CVEs, or known and cataloged software vulnerabilities, dominate the discussion about open source software (OSS) risk. In 2016, 6,457 CVEs were reported. That number has grown every year since, reaching 28,961 CVEs reported in 2023—an increase of nearly 4.5 times in just seven years. 2024 is already on track to beat 2023, and we will likely see even faster growth once AI is earnestly set to the task of finding vulnerabilities (not to mention creating them).