Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A look at the FBI’s recent Qakbot takedown, the return of Bumblebee after a two-month hiatus, and other developing cyberthreats from 2023.

Despite diverse protection measures applied by organizations, data breaches involving Personally Identifiable Information (PII) still cause substantial financial losses across various industries. Between March 2022 and March 2023, compromised customer and employee PII cost organizations $183 and $181 per record, respectively, according to the 2023 Cost of a Data Breach Report by IBM Security.

In one of the most important cybersecurity regulatory developments in recent memory, the U.S. Securities and Exchange Commission (SEC) recently adopted new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance. Companies are required to disclose risks in their annual reports beginning on December 15, 2023.

As cyber threats have grown in sophistication and frequency, a paradigm shift in security strategy has become imperative. This shift has given rise to the Zero Trust Security Framework, an approach that challenges the very foundation of trust in network security. User and Entity Behavior Analytics (UEBA) steps into the spotlight as a dynamic force that complements and enhances the Zero Trust Security framework. Let’s discover how UEBA can help organizations achieve zero trust security!

Critical zero-day Citrix CVE-2023-3519 is still being exploited two months after Citrix released a patch. IONIX research found that 19% of the CVE-2023-3519 vulnerabilities are still unmitigated in comparison to only 3% among IONIX customers. In addition, IONIX customers were able to resolve this critical risk three times faster.

The Payment Card Industry Data Security Standard (PCI DSS) aims to prevent financial fraud by securing payment card data. Any company that handles this data must implement security measures to ward off unauthorized access. In this process, you’ll come across key terms like PCI SAQ (Self-Assessment Questionnaire), AOC (Attestation of Compliance), and PCI ROC (Report on Compliance). Let’s focus on the ROC for now.

Cyberattacks striking the financial services industry are more prevalent, dangerous, and hitting faster than ever. To provide much needed guidance and recommended mitigation measures the elite Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing the financial services sector and released the report 2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies.

One of the most reliable constants in the cybersecurity world is that threats are always increasing as cybercriminals advance their tactics and develop new ones. It can be a daunting task for organizations to continually stay on top of these threats, protect their own data and assets, and monitor the threat landscape for changes.

Attacks against industrial control systems (ICS) are on the rise. Cyberattacks are more prevalent, creative and faster than ever. So, understanding attackers’ tactics is crucial. The IBM Security X-Force Threat Intelligence Index 2023 highlights that backdoor deployments enabling remote access to ICS systems were the most common type of attacker action in 2022.

Infrastructure testing refers to the process of evaluating and validating the hardware, software, network, and other components that make up a software product's infrastructure. This type of testing is crucial for ensuring that the infrastructure can support the software product and its operations. In today's highly competitive market, where consumers demand fast and reliable services, infrastructure testing has become more important than ever.