Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the past month, the Netskope Threat Labs team observed a considerable increase of SharePoint usage to deliver malware caused by an attack campaign abusing Microsoft Teams and SharePoint to deliver a malware named DarkGate. DarkGate (also known as MehCrypter) is a malware that was first reported by enSilo (now Fortinet) in 2018 and has been used in multiple campaigns in the past months.

Unlike in the 1800s when a safety brake increased the public’s acceptance of elevators, artificial intelligence (AI) was accepted by the public much before guardrails came to be. “ChatGPT had 1 million users within the first five days of being available,” shares Forbes.

The National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) is a robust, adaptable method for managing and mitigating information security risks within government agencies and organizations working with government systems. It integrates security, privacy, and cyber supply chain risk management into the system development life cycle.

On October 31st, Atlassian disclosed a significant security vulnerability tracked as CVE-2023-22518, affecting all versions of Confluence Data Center and Confluence Server software. This vulnerability, rated with a critical severity score of 9.1 in the Common Vulnerability Scoring System (CVSS), has the potential to result in substantial data loss if exploited by threat actors. Its critical nature arises from its capacity to inflict severe consequences on an organization’s data integrity.

The Cybersecurity Maturity Model Certification (CMMC) 2.0 is a compliance requirement that all Department of Defense (DoD) Contractors (aka, the Defense Industrial Base) will soon have to meet. See my blog Why is CMMC a Big Deal? for more information about the legal implications of CMMC. The CMMC official mandate is expected to be released from rulemaking in the first quarter of 2024 and be in full implementation in the first quarter of 2026.

When I bring up the topic of security ratings to my CISO colleagues, I typically get one of two reactions. The first half complains about misattribution of issues along with reporting fix times (although accuracy has improved). But the other half understand how to leverage this technology to their benefit to make their jobs easier and their organizations safer. Read below to get under the hood of how to leverage the evolving application of this technology to secure your supply chain.

Business Email Compromise (BEC) is one of the fastest-growing and financially-damaging cybercrimes. It has consistently led the way in cybercrime losses in recent years. According to the 2022 FBI Internet Crime Report, the FBI received 21,832 Business Email Compromise (BEC) complaints, with estimated losses totalling more than $2.7B. Data shows a 38% increase in cybercrime as a service targeting business email between 2019 and 2022.

An application risk assessment is the process of evaluating and understanding the security risks associated with an application. This information is used to help organizations make better decisions about how to protect their applications from potential attacks. By examining factors such as the number of vulnerabilities and the time needed to patch them, they are able to estimate the possibility of an attack on their application.

Major incidents like cyber attacks, terrorism, and pandemics are likely in the making right now but it doesn’t mean they’re inevitable. Learning from past incidents, asking the hard ‘what ifs’, and helping businesses build organizational resilience is always top of mind for security leader Sarah Armstrong-Smith.

Quantum computing might sound alien and strange - but it’s a revolutionary new technology. It’s a novel way to calculate using the principles of fundamental physics and to find solutions to very complicated problems very quickly. We have come a long way since the abacus; now, almost all of our complex calculations are done with digital computers. Looking to the future, quantum computers are ready to take us to another dimension of computing.