Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Earlier this week, we debuted our mini-series on the SEC’s new cybersecurity rules. In case you missed it — and, understandably, don’t have the bandwidth to backtrack — Part I explored how the (seemingly perpetual) explosion in data creation, data value, and IT complexity since the dawn of the digital age has come to shape our society. In particular, we note why these trends are responsible for our current IT predicament, namely, the rise in threats, risks, and regulations.

Anastasios Stasinopoulos from OBRELA LABS Team discovered a security flaw that affects Apache Superset (before 3.0.4, from 3.1.0 before 3.1.1), an open-source modern data exploration and visualization platform. Apache Superset error handling can be manipulated in order to allow data retrieval from the backend database.

Late last year, the Computer Emergency Response Team of Ukraine (CERT-UA) released an advisory that reported cyberattacks targeting Ukrainian state organizations attributed to the Kremlin-backed nation-state group APT28, aka Fancy Bear/Sofacy. The advisory listed the use of a new backdoor named “OCEANMAP,” detailed in this whitepaper.

In the rapidly evolving landscape of cybersecurity, staying ahead of threats requires not just vigilance but advanced technology. Sentinel, Microsoft’s cloud-native Security Information and Event Management (SIEM) solution, represents a leap forward in the way organizations detect, investigate, and respond to cyber threats.

In the digital age, where data is the new gold, ensuring the security and efficiency of network communication is paramount for businesses of all sizes. The Server Message Block (SMB) protocol plays a crucial role in facilitating file sharing, network browsing, and printer access among devices on a network. Understanding SMB port numbers is essential for IT professionals looking to optimize and secure their networks.

Despite best efforts to accommodate third-party risk management (TPRM) processes that correspond with increased use of third-party vendors, incident outcomes seem to grow as well. The 2023 global average cost of a data breach was USD $4.45M, a 2.3% year over year increase. In the United States, the average cost of a breach is higher at USD $9.48M.

‍ Today, cybersecurity is evolving into cyber risk management. The last few decades of immense technological and digital transformations have meant that, to a large extent, a business’s ability to be resilient is dependent on a reliable, free flow of data and on technology functioning without interruption. This shift has profound implications for the global economy’s ability to remain stable. ‍

In today’s digital age, ransomware attacks have emerged as one of the most formidable threats to organizations worldwide. These malicious software attacks encrypt files on a device, rendering them inaccessible to users, and demand a ransom for decryption keys. The impact of ransomware can be devastating, leading to significant financial losses, operational downtime, and reputational damage.

What you should know about the SEC's new rules on risk management and incident reporting.

The rise of remote learning has motivated cybercriminals to advance their assault on the education sector. In 2022, cybercriminals deployed more than 2200 attacks against higher education institutions every week, a 44% increase compared to 2021 (Check Point, 2022). Risk professionals attribute this increase to various factors, including the structure of remote learning environments.