Turning Hunts Into Detections with PEAK

If you’ve been following our series on the PEAK threat hunting framework, you might already know that the purpose of threat hunting isn’t just to find security incidents your automated detection systems missed. Finding incidents is more like a helpful side effect. The real reason to hunt is to drive improvement to your security posture over time.

Leaders Embrace New SEC Cybersecurity Regulations

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

What Is Shoulder Surfing?

Have you ever wondered why PIN pads at grocery stores often have a protective shield surrounding the buttons? It’s to prevent an attack called “shoulder surfing.” Shoulder surfing is a method of information theft in which the perpetrator watches the victim from nearby to see any information they type or view on their screens. Keep reading to learn why shoulder surfing is a threat to cybersecurity and how to protect your private information from this form of attack.

How to improve employee phishing awareness

Social engineering has long been a popular tactic among cybercriminals. Relying exclusively on information security tools does not guarantee the safety of an IT infrastructure these days. It is critically important to enhance the knowledge of employees regarding information security threats. Specifically, there is often a pressing need to educate employees about phishing. But how could phishing awareness training go wrong, and what can be done about it?

Securing my LCNC - Where to Start?

When working with security teams and application security analysts, the new world of low-code/no-code development presents new questions that invariably begin with ‘where do we start?’ With so many new applications, automations, and more being introduced to the corporate environment, it can seem like an endless pit of concerns about data flows, user permissions, and potential security risks introduced to my organization that need to be analyzed and brought under management.

New IBM report reveals the cost of a data breach now tops $4.45 million

IBM Security has released its annual Cost of a Data Breach Report, revealing that the global average cost of a data breach reached $4.45 million in 2023. This marks a significant increase of 15% over the past 3 years, making it the highest recorded cost in the history of the report. Notably, detection and escalation costs have seen a substantial rise of 42% during the same period, indicating a shift towards more complex breach investigations.

Retrieval vs. poison - Fighting AI supply chain attacks

While perhaps new to AI researchers, supply chain attacks are nothing new to the world of cybersecurity. For those in the know, it has been best practice to verify the source and authenticity of downloads, package repositories, and containers. But human nature usually wins. As developers, our desire to move quickly to improve ease of use for users and customers can cause us to delay efforts to validate the software supply chain until we are forced to by our peers in compliance or security organizations.

Harnessing the power of real-time communication between Microsoft Teams and Slack

In today’s digital landscape, the need for real-time communication has never been greater. For engineers in IT teams and service desk analysts, the ability to exchange information swiftly and effortlessly can make all the difference in resolving critical issues, brainstorming solutions, and fostering a productive work environment.

What is Microsoft Entra ID?

Microsoft has renamed its cloud-based identity provider from Azure Active Directory to Microsoft Entra ID. Alongside this announcement, Microsoft also introduced Entra Internet Access and Entra Private Access services, which are currently available for public preview. The purpose of this rebranding effort by the tech giant is to streamline the product names and create a cohesive product family.