Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Perhaps the most popular of gig ticketing systems has notified a breach. Not great…

Digital compliance has become a significant focus for any organisation providing or consuming digital products and services in Europe. With the continuous evolution of digital technology, businesses increasingly struggle to stay on the right side of the law and operate resiliently. So, strategic navigation is crucial.

The last time we wrote about open source software (OSS) for security, we explored how community-driven innovation addresses security problems stemming from the rapid pace of business-driven technological advancements. We posed the question: Can open source security solutions adequately secure and protect the OSS that modern businesses depend on?

The term application security refers to all the practices that are aimed to protect applications from security threats, starting from design and through the development process, up to deployment and maintenance.

Insights about getting started with the MITRE ATT&CK framework, including real-world examples for integrating and improving detection capabilities.

Have you ever really asked yourself why you’re using Google Drive? Sure, they give you a generous amount of free storage and other features, but at what cost? The privacy of your files. Signing up for Google Drive may seem like a good product to help you store your files online, but Google holds all the power when it comes to: As we live in an era centered around technology, the risks to our data increase.

Cybersecurity is a critical and challenging domain that requires constant vigilance, innovation, and adaptation. As cyber threats evolve and become more sophisticated, so do the tools and techniques to defend against them. One of the most effective ways to achieve comprehensive and proactive security is to implement a security information and event management (SIEM) platform that can collect, analyze, and correlate data from various sources to provide actionable insights and alerts.

Did your company fall victim to the LockBit ransomware? Have cybercriminals left gigabytes of your data encrypted, with no easy route for recovery that doesn't involve paying a ransom? Well, don't fear. The FBI announced this week that it had obtained over 7,000 decryption keys for the LockBit ransomware and is urging victims to come forward for free assistance.

Threats to sensitive data are everywhere. From sophisticated cybercriminal syndicates to accidental exposure to nation-state-backed advanced persistent threat (APT) groups and everything in between, it's never been more critical for organizations to have the correct data protection tools.

The ISF (Information Security Forum) Standard of Good Practice (SoGP) is a comprehensive set of best practices designed to help organizations effectively manage their information security risks. Covering various topics, including governance, risk management, compliance, incident management, and technical security controls, it helps establish and maintain a robust information security program tailored to an organization's specific needs and risks.

Social engineering scams can come through any communications channel (e.g., email, web, social media, SMS, phone call, etc.). They can even come in the mail as the Nextdoor warning below shares. Source: Nextdoor They can even come in person and on the television.

More than a quarter (26%) of organizations around the world provide no security awareness training for their employees, according to a survey by Hornetsecurity. The researchers found that smaller companies in particular tend to lack security training programs. “This significant oversight in cybersecurity education highlights a critical vulnerability within the corporate world, particularly in smaller companies,” the researchers write.