Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Beyond Compliance: Building a Resilient Security Strategy with the ISM and Essential Eight

In today’s complex cybersecurity landscape, addressing the controls within the Australian Government’s Information Security Manual (ISM) and the Essential Eight (E8) is critical when seeking to build rapport and work with the Australian Government. Australian cybersecurity regulations like the ISM and E8 outline foundational steps, including cybersecurity best practices and controls for data protection strategies.

Top challenges for implementing multi-domain correlation in the cloud

Adversaries often use complex, multi-stage cloud attacks that evade traditional security measures, which struggle to fully visualize, prioritize, and respond to threats. Multi-domain correlation addresses this by analyzing data across diverse domains — including networks, applications, databases, and storage — to uncover potential weaknesses and attack paths across interconnected resources.

OWASP Top 10 Vulnerabilities in 2021: How to Mitigate Them?

The OWASP Top 10 is a research-based document that raises awareness among developers, organizations, and security professionals on the most critical security risks facing web applications. The latest is the OWASP Top 10 vulnerabilities 2021, released in September 2021 after a 4-year gap. In this article, the OWASP Top 10 vulnerabilities 2021 are explained in detail, along with ways to mitigate each.

Exploitation Walkthrough: ESC15/EKUwu with Justin Bollinger from TrustedSec

Justin Bollinger, Principal Security Consultant at TrustedSec, discussed his research and mitigation guidance on ADCS ESC15 (CVE-2024-49019), also known as EKUwu, a vulnerability in Microsoft's Active Directory Certificate Services.

The Age of AI-Powered Scams | The 443 Podcast

This week on the podcast, Marc Laliberte and Corey Nachreiner dive into a research white paper that explores how attackers could use AI to execute a full-scale money or credential theft scam from start to finish. Before that, they discuss Sophos's five-year battle with Chinese hackers targeting network devices, followed by a conversation about Microsoft’s ongoing fight against password spray attacks through compromised network devices.

Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk

There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead of Web Applications. While APIs have become the backbone of innovation and connectivity for businesses, they have also introduced a vast attack surface that’s challenging to defend with traditional methods alone.

Is the ASX 200 Resilient to Cyber Threats? Our Report Says No.

In today’s rapidly evolving digital landscape, managing cyber risk has become essential for sustaining corporate growth and resilience. Cyber risk management requires balancing corporate growth against the evolving tactics of threat actors and governmental regulations – a daunting task that requires continuous measurement and strategic reflection.

OT Security Challenges and Solutions for Critical Infrastructure Protection

Critical infrastructure systems, such as power plants, water treatment plants, transportation networks, and factories, depend on operational technology (OT) to work. OT systems are meant to handle physical devices and processes, while traditional IT systems are mostly concerned with keeping data and information safe. Because of this main difference, OT security is very hard, especially since OT networks are becoming more and more linked to IT networks, which makes them more open to cyber dangers.

Scaling: How We Process 10^30 Network Traffic Flows

Forward Networks ensures that the world's most complex and mission-critical networks are secure, agile, and reliable. A mathematical model of the network, including computations of all possible traffic paths, is built by collecting configuration data and L2-L7 states from networking devices and public cloud platforms.