Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It's an undeniable truth that significant differences exist across many facets of life. Sports figures like LeBron James and Michael Jordan possess exceptional talent, which has propelled them to accomplish feats that defy human capability. Jeff Bezos and Elon Musk's extraordinary business achievements make them the epitome of success and a source of inspiration for many. These examples underscore a crucial point: Some things are just better than others.

Reading this recent Wall Street Journal article about Apple’s push to drive adoption of their Vision Pro “spatial computers” in the enterprise got me thinking: Can VR headsets really make the leap from a cool gadget to a serious business tool? The potential is exciting—imagine the possibilities for collaboration and training. But then my security-focused brain kicked in. How do we manage the risks that come with introducing these powerful devices into the workplace?

Not too long ago, when I was designing, building, operating and defending networks, the government organizations I worked with were burdened with many tasks related to deploying a new capability. We needed to decide and plan how it would be assessed and authorized, deployed, maintained, operated, patched, defended and, of course, when and how to upgrade the capability. Assessment and authorization would take months, if not over a year, for a system or set of capabilities.

Credential theft is one of the most common methods used by cybercriminals to gain unauthorized access to an organization, according to Verizon’s 2023 Data Breach Investigations Report. Credential theft places organizations at a greater risk of data breaches, so steps must be taken to prevent it.

The stereotype of the government as a slow-moving behemoth is not ill-fitting, but when it makes adjustments and changes, it does so with deliberation and intent. An excellent example is the ongoing development and evolution of things like security standards. Technology moves much, much faster than the government can respond to or that even most businesses could adjust to without a significant investment or a time delay.

On April 12, 2024, Palo Alto disclosed a critical vulnerability identified as CVE-2024-3400 in its PAN OS operating system, which carries the highest severity rating of 10.0 on the CVSS scale. This vulnerability, present in certain versions of Palo Alto Networks’ PAN-OS within the GlobalProtect feature, allows unauthenticated attackers to execute any code with root privileges on the firewall through command injection.

Microsegmentation represents a transformative approach to enhancing network security within Kubernetes environments. This technique divides networks into smaller, isolated segments, allowing for granular control over traffic flow and significantly bolstering security posture. At its core, microsegmentation leverages Kubernetes network policies to isolate workloads, applications, namespaces, and entire clusters, tailoring security measures to specific organizational needs and compliance requirements.

Ransomware-as-a-service (RaaS) threat groups are placing severe and continuous pressure on the financial and government services sectors in Latin America, according to data compiled by the elite Trustwave SpiderLabs team. RaaS is where developers working for threat actors manage and update the malware while affiliates carry out the actual ransomware attacks.

In the increasing digitisation of essential services, governments worldwide have been enacting legislation to ensure the protection of vital systems. Australia is like no other, and as we in cybersecurity are all aware, the Security of Critical Infrastructure Act 2018 (SOCI Act) stands as a crucial piece of legislation aimed at safeguarding our nation.

CVEs, or known and cataloged software vulnerabilities, dominate the discussion about open source software (OSS) risk. In 2016, 6,457 CVEs were reported. That number has grown every year since, reaching 28,961 CVEs reported in 2023—an increase of nearly 4.5 times in just seven years. 2024 is already on track to beat 2023, and we will likely see even faster growth once AI is earnestly set to the task of finding vulnerabilities (not to mention creating them).