As a company building a SaaS security product, our inherent culture is not only focused on building best of breed security products for our users, but also ensuring that our systems, practices and workflows are engineered to support a continuously evolving threat landscape, and to protect our users’ data. We’ve written about our design for tenant isolation for our serverless based architecture in the past, and practical methods to avoid data leakage between clients.

If you’re a software developer, you’re probably using open source components and libraries to build software. You know those components are governed by different open source licenses, but do you know all the license details? In particular, do you know the sometimes-convoluted licensing conditions that could pose compliance challenges for your organization?

In the face of increasingly frequent and severe cyber attacks, organizations with strong cybersecurity maturity are working hard to manage and mitigate their risk, while recognizing that these may no longer be enough.

On March 28th, Red Hat released an advisory for CVE-2024-3094 which is a critical vulnerability identified in XZ Utils – a widely used data compression software included in many Linux distributions. This vulnerability stems from a backdoor inserted in versions 5.6.0 and 5.6.1 of XZ Utils and has been given a CVSS score of 10 out of 10, indicating its severity as critical.

Cyberattacks on large companies grab the headlines, creating the false impression that only big organizations are targeted by cybercriminals. This misleads smaller companies into believing that they are not potential targets because of their size or low profile. However, threats against small and medium-sized companies have been a cause for concern in recent years. Experts warn that companies with fewer than 100 employees are especially vulnerable to a range of threats.

By being aware of these scams and taking steps to protect yourself, you can safeguard your personal and financial information.

It seems as though responders cannot catch a break when it comes to 0-day vulnerabilities and supply chain compromise avenues. On March 29th, 2024, the Cybersecurity & Infrastructure Security Agency published an alert regarding a supply chain compromise of the XZ Utils package. At time of writing, there is no information regarding exploitation of the vulnerability and follow-on post-compromise activity.

The Health Records and Information Privacy Act 2002 (HRIPA) is a comprehensive legislation established to protect the privacy and security of health information in New South Wales (NSW), Australia. This legislative framework shares many similarities with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in the United States in their goals to ensure data privacy, security, and handling of health information in the healthcare sector.

As I travel around the world meeting with customers and prospects, we often discuss the tectonic shifts happening in the industry. At the heart of their strategic initiatives, organizations are striving to innovate rapidly and deliver customer value with uncompromising quality and security, while gaining a competitive edge in the market.

AutoAdminLogon is a Windows registry setting which automates the logon process of a specific user account during system startup, bypassing the typical login screen. Enabling this setting streamlines the startup process, being particularly useful in scenarios where a system needs to boot up and immediately launch specific applications or services without manual intervention.