Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Operation Phantom Circuit: North Korea's Global Data Exfiltration Campaign

In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named “Phantom Circuit,” targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in Hasan, Russia.

The Life of Pi - Privacy Leaders and Their Everyday

In today’s data-driven economy, enterprises are under increasing pressure to manage privacy risks effectively. The responsibility of identifying and mitigating these risks often falls on lawyers and Chief Data Privacy Officers (CDPOs), who must navigate complex regulatory landscapes, safeguard sensitive data, and ensure their organizations maintain customer trust.

Unmasking Shadow AI: What Is it and How Can You Manage it?

Since the launch of ChatGPT in late 2022, gen AI (generative artificial intelligence) has transformed nearly every facet of our lives, including our professions and workplace environments. Adoption has been driven by employees looking for faster, better ways to perform. For example, applications like ChatGPT, DALL-E, and Jasper are helping employees across industries boost productivity, overcome roadblocks, and brainstorm creative solutions.

Stating the Obvious: Vulns On the Rise in 2025

Happy New Year! As we usher in a year with some pleasant mathematical properties, I wanted to take a brief look back at one of the stories that was most interesting to me as a security data nerd from last year: our dependency on the National Institute of Standards and Technology’s (NIST) National Vulnerability Database (NVD), and what the degradation in service has meant to the flow of information about new CVEs. TL;DR.

5 Cybersecurity Trends for 2025: Preparing for a Year of Elevated Risk and Accountability

As security and risk leaders look to the year ahead, they face a rapidly evolving and dynamic set of challenges. The implementation of more stringent cybersecurity standards—such as the U.S. Securities and Exchange Commission’s (SEC) rules and the EU’s Network and Information Security Directive 2 (NIS2)—has placed boardroom scrutiny at an unprecedented level.

Digital Fingerprinting in Cybersecurity: An Advanced Guide

Digital fingerprinting refers to the process of identifying and profiling a device, system, or user based on a collection of unique characteristics and behaviors emitted during their interaction with a network or digital environment. These identifiers—often passive byproducts of normal operations—can include configuration settings, protocol behaviors, device metadata, and software versions.

Implementing Non-Repudiation in Your Security Strategy: Best Practices and Techniques

In the realm of cybersecurity, ensuring the authenticity and integrity of transactions or communications is paramount. Non-repudiation, a principle that prevents individuals or entities from denying their actions, is a cornerstone of this assurance. This blog post delves into the best practices and techniques for integrating non-repudiation into your security strategy, safeguarding your digital interactions against disputes and fraud.

Harnessing Cyber Risk Modeling to Navigate Modern Business Threats

Embracing cyber risk management during a time in which the average cost of a data breach nearly surpasses $5 million is not merely a strategic option; it’s an absolute imperative. This calculated move, however, is not as straightforward as deploying an endpoint detection solution, for example, or conducting monthly cybersecurity awareness sessions.