Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

NIST released the much-anticipated update to its popular Cybersecurity Framework (CSF) in February 2024. The NIST CSF is one of the most widely used cybersecurity frameworks, designed to help organizations of any size in any industry holistically start, mature, and sustain a cybersecurity program. The latest version of the NIST CSF—NIST CSF 2.0—brings several enhancements over the previous version. This article will cover what you need to know about the new NIST CSF 2.0.

In the past few years, we have witnessed a significant shift in the attack landscape, from stealing clear text credentials to targeting session-based authentication. This trend is driven by the proliferation of multi-factor authentication (MFA), which makes it harder for attackers to compromise accounts with just passwords.

Companies today face a wide range of potential threats to digital security. From cyber attacks with malicious intent to internal threats from negligent employees, IT and security teams face remarkable challenges in the modern enterprise environment. Add to the equation that many companies now operate under a hybrid model in which some employees may use personal devices for work purposes, and it’s exceedingly complicated to establish ironclad security policies and incident response plans.

Have you ever thought about how and why passwords are cracked? This article introduces password cracking, focusing on common strategies and tools used by security professionals and malicious users. We also discuss the composition of secure passwords, and why certain approaches are more effective than others. Cracking passwords can be done very easily in certain situations. The time taken and likelihood to successfully crack a password often depends on the password strength.

In the domain of software testing and security analysis, fuzzing has emerged as a powerful technique for uncovering vulnerabilities and enhancing the resilience of software systems. Microsoft and Google have been using fuzzing for ages. They were early adopters of fuzzing technologies to test their own systems. Since launching in 2016, Google's OSS-Fuzz, a free fuzzing platform for critical open-source projects, has helped fix over 8,800 vulnerabilities and 28,000 bugs across 850 projects.

On March 29, 2024, a security researcher disclosed the discovery of malicious code in the most recent versions of XZ Utils data compression tools and libraries. The code contained a backdoor, which a remote threat actor can leverage to break sshd authentication (the service for SSH access) and gain unauthorized access to the system, potentially leading to Remote Code Execution (RCE).

The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organisations’ IT networks in the US and is preparing “disruptive or destructive cyber attacks” against communications, energy, transport, water and waste water systems.

Today, consumers can shop, sell, research, and work using their smartphones. Advancements in technology have made it possible for users to complete countless transactions through their phones anywhere and anytime. One of the most common phone scams targeting modern consumers is subscriber identity module (SIM) swapping. This short guide will outline the dangers of this subtle attack on devices and how consumers can protect themselves.

A comprehensive guide to the basics of IAM, its benefits, and best practices.

Explore ATLSECCON 2024: a journey through mindfulness, risk management, Active Directory security, understanding containers, and more in the far North of Halifax.