On March 29th, North-Korean linked threat-actors targeted 3CX, a VoIP IPX developer, exploiting a 10-year-old vulnerability (CVE-2013-3900) that made executables appear to be legitimately signed by Microsoft when, in fact, they were being used to distribute malware. The 3CX attack is just the latest in a series of high-profile supply chain attacks over the past year. The SolarWinds attack compromised the Orion system, affecting thousands of organizations, and the Kaseya VSA attack that was used to deliver REvil ransomware also to thousands of organizations and is considered one of the largest security breaches of the 21st century.

As regulatory requirements continue to evolve and data breaches become more common, businesses are under increasing pressure to maintain compliance with industry standards. Compliance monitoring is a crucial aspect of this process, enabling organizations to identify and address potential risks before they lead to costly violations or incidents.

The world is at war; But not in the way most people think. While traditional conflicts rage all over the world from Syria and Yemen to Ukraine, the murkier war against cybercrime rages all around us. This is a war where every corporate network, personal device or piece of software code is a potential battleground, and the casualties are not measured (primarily at least) in deaths, but in the associated cost to the end-user and the economic systems in which they work.

As an Application Security (AppSec) leader, one of the most significant challenges you might face is securing management support for your program. This lack of support often results in under-resourced AppSec teams feeling frustrated and unable to make a meaningful impact. To foster an environment where your team feels valued and prevents burnout, AppSec leaders must prioritize gaining additional resources. In many organizations, security tends to climb the priority ladder slowly, requiring AppSec leaders to put in extra effort to secure the necessary approvals. Here are three strategies that can help you win management buy-in and create a better environment for your team.

With the 5th anniversary of GDPR looming, this regulation continues to be a game-changer, setting the precedent for privacy and data laws around the world. In fact, the United Nations Conference on Trade and Development (UNCTAD) recently reported that 71% of countries now have data protection regulations in place and a further 9% have legislation in development. Countries such as Vietnam and Saudi Arabia have recently introduced new privacy laws. But, as we reflect on the anniversary of GDPR's introduction, just this week we've seen the first billion-dollar fine issued. So, what does this mean for data privacy moving forward?

The cybersecurity landscape has changed almost beyond recognition. Cyber attacks, have grown into an inescapable facet of our daily lives. Everyone, from the world's most powerful people to general consumers, live under the spectre of cyberattacks. Cyberattacks also creep into the military sphere, with the threat of all-out cyber warfare looming large over conflicts across the globe.

Intelligence is now considered essential to the process of identifying, understanding and acting upon threats. According to the "Global Perspectives on Threat Intelligence" study conducted by Mandiant, 96% of decision-makers interviewed for the research believe that it is important to understand which cyber threat actors could be targeting their organisation. Consequently, threat Intelligence should be fully integrated into the internal mechanisms linked to threat detection and response.

Ransomware attacks are one of the biggest threats that CIOs and their teams face today. The impact of a ransomware attack can be daunting, crippling business operations and causing significant financial losses.