Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Clifford Stoll, astronomer, author, and teacher, often joked about computer passwords. He said, “Treat your passwords like a toothbrush. Don’t let anybody else use it, and get a new one every six months.”

In January 2023, the European Commission (EC) released an updated version of the European Union (EU) Network and Information Security Directive (NIS2) to strengthen cybersecurity risk management across Europe’s essential services. NIS2 updates the original NIS directive and focuses more on regulations for cloud infrastructure, internet exchanges, domain service providers, and digital service providers.

The Critical Entities Resilience (CER) Directive is a new initiative in the EU that aims to ensure that critical entities providing essential services are effectively managing their network and information security. The CER Directive is part of the EU’s latest effort to build stronger cyber resilience across Europe, alongside NIS2 and the EU Cyber Resilience Act.

On April 24, 2024, Cisco Talos and several government security agencies published details on a sophisticated threat campaign focused on espionage and gaining unauthorized access to sensitive information from targeted government entities and organizations in critical infrastructure. As part of that publication, Cisco disclosed CVE-2024-20353 and CVE-2024-20359, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, which were actively exploited in the documented campaign.

Containers are integral to modern application development portability, resource efficiency, and ease of deployment. But there is a flip side to these benefits. Unlike traditional applications, containers bundle everything needed to run, making them a scattered setup for hidden security issues. 54% of container images in Docker Hub were found to contain sensitive information that could lead to unauthorized access, data breaches, or identity theft.

The Publishers Clearing House (PCH) appeared in 1967, promoting magazine subscriptions, merchandise, time-share vacations, and their famous cash prize sweepstakes. Since 67’ over 11 million people have won PCH sweepstakes, totaling over $593 million in cash winnings. More people than ever have entered the PCH sweepstakes, looking for their chance to win thousands - sometimes millions - of dollars overnight.

This is Part 9 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here. In the movie The Matrix, The Key Maker controlled access to many locations and resources with the goal of preventing malicious code from destroying sensitive information. In a rare life-imitates-art situation, organizations today face the same challenge as they work to protect operational processes and corporate information.

In today’s interconnected world, the Internet of Things (IoT) plays a crucial role in various sectors, from healthcare and transportation to energy and critical infrastructure. However, with the increasing reliance on IoT devices comes the heightened risk of cybersecurity threats. To address these challenges and enhance cybersecurity measures across the European Union (EU), the NIS 2 Directive (Directive (EU) 2022/2555) was introduced.

Ransomware, human errors, and disasters are constant threats to your business’s most valuable asset –its data. Traditional backups, while essential, aren’t always enough since ransomware can still infiltrate them. That’s where immutable backups emerge as a crucial layer of protection. They ensure that even if the worst happens, your critical information remains untouched and recoverable.

After a new zero-day vulnerability is announced, the National Vulnerability Database (NVD) publishes a measure of its severity under the Common Vulnerability Scoring System (CVSS). CVSS scores are a crucial tool for organizations as they give an approximation of the severity of disclosed vulnerabilities.