Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On December 26, 2023 the Department of Defense (DoD) unveiled the long-anticipated Proposed Rule for the Cybersecurity Maturity Model Certification (CMMC) Program, sending a clear message to defense contractors that CMMC is happening sooner than many thought, and that those taking a “wait and see” attitude can no longer wait to prepare.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. If there ever was a good example of what can happen if you don’t have a good password and no 2FA enabled, this is it.

In the ever-evolving cybersecurity landscape, organizations are constantly striving to enhance their defenses against organized malicious actors. As cyber attacks become more advanced, regulatory bodies have created and enforced compliance requirements to ensure that organizations protect sensitive data and systems. One groundbreaking solution that can help your organization meet these challenges is Extended Detection and Response, known as XDR.

Although SIEMs have existed for more than 20 years, many organizations still fail to achieve full data visibility into their environments. Two problems compound this challenge. First: attack surfaces. As organizations scale their digital infrastructures and bring on new applications, the amount of data analysts need to monitor and analyze increases exponentially.

Technology trends may come and go, but cloud storage has become a mainstay for efficient data management. Instead of relying on physical drives such as local SSDs, the cloud allows users to store their data securely in remote data centers. On the other hand, traditional storage methods, such as hard disk drives (HDDs), have been storage mainstays for decades. Through magnetic spinning disk technology, HDDs have been reliable for long-term storage.

Welcome to 2024 and a new monthly feature here at GitGuardian, a comic strip called "Guardian Goofs." If you like it, please show it some love by hitting one of those "share" links below it. And check back on the first Thursday of each month for the newest "Goof." Share this article on Twitter, HackerNews, LinkedIn, or Reddit.

Knowledge is power. Power is money. In the context of information systems and applications, knowledge is ingested, processed, and used as data. Data theft or loss can be devastatingly costly to a business. Data is one of an organization’s most valuable assets, and must be secured and protected as such.

The challenge of telling humans and bots apart is almost as old as the web itself. From online ticket vendors to dating apps, to ecommerce and finance — there are many legitimate reasons why you'd want to know if it's a person or a machine knocking on the front door of your website. Unfortunately, the tools for the web have traditionally been clunky and sometimes involved a bad user experience.

Anyone can get scammed. If you think you're somehow immune to being scammed, then, in my opinion, you're a prime target for being scammed. No one is too big, too clever, too security-savvy to avoid being duped because it's only human to make a mistake and screw up. And that certainly seems to be the case with Bill Lou.

Arctic Wolf Labs is aware of several instances of ransomware cases where the victim organizations were contacted after the original compromise for additional extortion attempts. In two cases investigated by Arctic Wolf Labs, threat actors spun a narrative of trying to help victim organizations, offering to hack into the server infrastructure of the original ransomware groups involved to.