A selection of this week’s more interesting vulnerability disclosures and cyber security news. With the rising interest in DNSSEC, sadly we have a huge, and I mean really huge problem…

The United States government has established strict regulations to safeguard intellectual property and military superiority. Compliance with the International Traffic in Arms Regulations (ITAR) is imperative for companies involved with U.S. defense technologies and data. Failure to comply can lead to severe legal and financial repercussions, as well as reputational damage.

On February 2nd, the remote desktop application AnyDesk was the target of a cybersecurity breach, marking a significant event in digital security. Hackers infiltrated AnyDesk's production environment, sparking concerns over data integrity and user security.

“A man walks into a bank…” That may sound like the start of a joke but as hacker and security consultant Jayson E. Street tells it, it’s really nothing to laugh at. He’s walked into banks, hotels, government facilities, and biochemical companies all over the world and successfully compromised them.

Good news for organisations who have fallen victim to the notorious Rhysida ransomware. A group of South Korean security researchers have uncovered a vulnerability in the infamous ransomware. This vulnerability provides a way for encrypted files to be unscrambled. Researchers from Kookmin University describe how they exploited an implementation flaw in Rhysida’s code to regenerate its encryption key in a technical paper about their findings.

Andy Thompson, CyberArk Labs Offensive Security Research Evangelist returns to Trust Issues for a deep dive into the recent APT29 breach of Microsoft. In conversation with host David Puner, Thompson explores the intricate details of the January 2024 attack, dissecting the tactics employed by the APT29 threat actor, also known as Cozy Bear, Cozy Car, The Dukes – or, as Microsoft refers to the group: Midnight Blizzard.

More than just introducing XDR today, Cato announced the first XDR solution to be built on a SASE platform. Tapping the power of the platform dramatically improves XDR’s quality of insight and the ease of incident response, leading to faster incident remediation. “The Cato platform gives us peace of mind,” says Shayne Green, an early adopter of Cato XDR and Head of security operations at CloudFactory.

When it comes to modern systems and networks, identities are the new perimeter. Long gone are the days of singular office-bound systems with a set server room and endpoints that stayed on desks. With the rise of hybrid work models, cloud computing, and rapid digitization in industries like healthcare and manufacturing, it’s a user’s identity that holds increasing power over a network’s function and security.

Application Programming Interfaces (APIs) are the backbone of modern software development, enabling seamless communication between various systems and services. As organizations increasingly rely on APIs to power their applications and services, the need for robust API management and monitoring solutions becomes paramount. Capturing API calls and gaining insights into their behavior can significantly enhance the development, troubleshooting, and security of APIs.

Safeguarding data in today’s cyber landscape is no small feat. And with data growing at an explosive rate, more than 65 percent of IT and security leaders surveyed believe their organization’s current data growth is outpacing their ability to secure this data and manage risk, as found in the latest Rubrik Zero Labs State of Data Security report.