Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 29, 2024, a security researcher disclosed the discovery of malicious code in the most recent versions of XZ Utils data compression tools and libraries. The code contained a backdoor, which a remote threat actor can leverage to break sshd authentication (the service for SSH access) and gain unauthorized access to the system, potentially leading to Remote Code Execution (RCE).

The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organisations’ IT networks in the US and is preparing “disruptive or destructive cyber attacks” against communications, energy, transport, water and waste water systems.

Today, consumers can shop, sell, research, and work using their smartphones. Advancements in technology have made it possible for users to complete countless transactions through their phones anywhere and anytime. One of the most common phone scams targeting modern consumers is subscriber identity module (SIM) swapping. This short guide will outline the dangers of this subtle attack on devices and how consumers can protect themselves.

A comprehensive guide to the basics of IAM, its benefits, and best practices.

Explore ATLSECCON 2024: a journey through mindfulness, risk management, Active Directory security, understanding containers, and more in the far North of Halifax.

In our always-online world, we're facing a new kind of cyber threat that's just as sneaky as it is harmful: subtextual attacks. These aren't your run-of-the-mill security breaches; they're cunningly crafted messages that may look harmless—but they actually carry a dangerous payload within them. Join me as we take a closer look at this under-the-radar, but still dangerous, threat.

Achieving and maintaining compliance in the cloud proves challenging for many organizations, as it is a complex, ongoing effort that includes safeguarding sensitive data and ensuring infrastructure resources are correctly configured. Success often hinges on the ability to monitor compliance-related trends over time, enabling organizations to spot risk patterns, gauge their current compliance posture, and adapt as new risks emerge. However, gathering this data can be difficult.

The cybersecurity domain mirrors the physical space, with the security operations center (SOC) acting as your digital police department. Cybersecurity analysts are like the police, working to deter cybercriminals from attempting attacks on their organization or stopping them in their tracks if they try it. When an attack occurs, incident responders, akin to digital detectives, piece together clues from many different sources to determine the order and details of events before building a remediation plan.

SecurityScorecard STRIKE threat researchers discovered 12 zero-days in customer environments in the last year. Attacks are increasingly targeting third-party software. The zero-day vulnerability that emerged in Progress Software’s MOVEit Transfer product last year was a stark reminder of the real-world impact of such vulnerabilities. It wreaked havoc on businesses and governments worldwide, with cyber criminals exploiting it since May of 2023.

‍ Over the past few decades, cyber attackers have increasingly wreaked havoc on the market, taking advantage of newer, more sophisticated ways to exploit system vulnerabilities. However, in fear of losing competitive advantages, organizations had notoriously downplayed the impact of these attacks, misleading investors and resulting in stock prices that did not accurately represent the risk landscape. ‍