In the early part of 2024, the Center for Internet Security (CIS) released the latest version of the well-respected Critical Security Controls (CSC). The new version, 8.1, adds contours to the prior versions, making it more comprehensive and timely in today’s challenging cybersecurity environment.

73% of educational institutions in the UK have sustained at least one cyberattack or breach in the past five years, according to researchers at ESET. Additionally, a fifth of these organizations said they’ve experienced three or more cyberattacks. 43% of the organizations surveyed cited phishing attacks as their top concern.

Not only API authentication and authorization are the crucial aspects of API security when crafting secure software, but they also impact scalability and user experience.

In the world of cloud-native applications, microservices and Kubernetes have become the backbone of modern software architecture. The scalability, flexibility, and orchestration capabilities provided by Kubernetes have revolutionized how applications are built and managed. However, like any powerful tool, Kubernetes introduces complexity, and with complexity comes risk — particularly in the form of security vulnerabilities.

There was some good, bad, and neutral news when it comes to email threats in December 2024, according to new data compiled by Trustwave SpiderLabs’ MailMarshal email security team. Trustwave SpiderLabs’ PageML, which is used in MailMarshal’s Blended Threat Module (BTM), flagged 19 million malicious URLs for VirusTotal, of which 2.2 million detections were only picked up by Trustwave. The team reported that 25% of all incoming spam emails were in fact phishing attacks of some type.

In a recent webinar on SOAR’s evolving role in security and beyond, I chatted with Andrew Green, Networking & Security Research Analyst at GigaOm. We kicked things off with a brief discussion on Gartner’s Hype Cycle for ITSM report, which described the SOAR category as “obsolete” and prompted some commenters to declare that SOAR is “dead”.

The threat landscape is evolving at an unprecedented rate, with organisations facing increasingly complex and malicious cyber threats. As cyber-attacks grow in frequency and sophistication, Cyber Threat Intelligence (CTI) has emerged as a critical focus for many organisations striving to counter these rising challenges effectively.