Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

The XZ Backdoor CVE-2024-3094

Unveiled on the 29th of March 2024: the high-stakes investment and prolonged campaign by a malicious actor to plant a backdoor in the Linux software library liblzma and so gain access to multiple operating systems via Linux distributions. It arguably worked, until a curious engineer noticed a glitch. Covers the currently known affected upstream software and proposed mitigation.

Creating an Efficient Document Repository for Compliance

Modern organizations have huge demands for regulatory compliance, which means a huge amount of documentation that your business must generate and manage to show that it is fulfilling those compliance obligations. As such, a document management system is crucial for an effective compliance program. This article will review what document management systems should be able to do, common challenges in building a document management system, and how to get started with doing so.

How to detect, prevent, and mitigate buffer overflow attacks

In the late 1980s, a buffer overflow in UNIX’s fingerd program allowed Robert T. Morris to create a worm which infected 10% of the Internet—in two days. This event launched cybersecurity to the forefront of computer science headlines for one of the first times in history. Nearly three decades later in 2014, a buffer overflow vulnerability in the OpenSSL cryptography library was disclosed to the public.

Setting Objectives with ISO 27001's ISMS: A Strategic Overview

ISO 27001 is an international standard specifying how organizations should develop and implement an effective information security management system (ISMS). Organizations can apply ISO 27001 to manage their information security risks and be certified as ISO 27001-compliant. The measures to achieve compliance are specified in Annex A of the standard; organizations should select and apply the necessary controls to safeguard their stakeholders based on their own company risk profile.

Bombshell in SSH servers! What CVE-2024-3094 means for Kubernetes users

On March 29, 2024, Red Hat disclosed CVE-2024-3094 (a.k.a. the XZ vulnerability), which scored a critical CVSS rating of 10. Stemming from a supply chain compromise, it affects the latest iterations of XZ tools and libraries. The CVE was identified by a software engineer following the discovery of performance issues in SSH connections. This led to the exposure of a major supply chain attack where a compromised library was inserted into sshd and exploited during the authentication process.

World Backup Day: How and why to make backup copies

Data protection continues to be a headache for many companies. Nowadays, data theft is a concern that affects organizations worldwide, making threat protection a priority, but for many it is still a pending task. A recent report reveals that ransomware attacks are likely to compromise the data of 80% of organizations. Faced with this threat, cybersecurity experts stress the importance of backing up data to minimize damage if an attack does occur.

Ensure PII Compliance in India with OpenAI & Top LLMs

India's data protection laws are evolving to safeguard the privacy of its citizens. One crucial aspect is the requirement that Personally Identifiable Information (PII) remain within India's borders for processing. This data residency requirement poses a challenge for businesses that want to leverage powerful AI language models (LLMs) like those offered by OpenAI, which often process data in global centers.

What is a DNS firewall? Optimize the security of your network infrastructure using DDI Central's DNS firewall

Cyberthreats in today’s digital age are becoming complex and relentless, highlighting the importance of robust cybersecurity measures. Among these measures, DNS firewalls stand out as essential components of a comprehensive security strategy. By intercepting and analyzing DNS traffic, these firewalls provide a unique vantage point for identifying and neutralizing threats before they can infiltrate the network.

New Malware Loader Delivers Agent Tesla Remote Access Trojan Via Phishing

A new malware loader is delivering the Agent Tesla remote access Trojan (RAT), according to researchers at Trustwave SpiderLabs. The malware is distributed by phishing emails with malicious attachments. “The threat begins with a fake bank payment email designed to deceive recipients,” the researchers write.

Common Disaster Recovery Mistakes To Avoid

In a world driven by data, the importance of disaster recovery solutions cannot be overstated. From natural disasters to cyberattacks and human errors, the risks of data loss continue to grow alongside businesses. Today, we will cover the 3 common mistakes companies make when creating a DR strategy, key steps for building an effective DR strategy for your business, and the ways Opti9 can protect your data in AWS.