Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In 2023, cybersecurity continues to be in most cases a need-to-have for those who don’t want to take chances on getting caught in a cyberattack and its consequences. Attacks have gotten more sophisticated, while conflicts (online and offline, and at the same time) continue, including in Ukraine. Governments have heightened their cyber warnings and put together strategies, including around critical infrastructure (including health and education).

Cloudflare has a unique vantage point on the Internet. From this position, we are able to see, explore, and identify trends that would otherwise go unnoticed. In this report we are doing just that and sharing our insights into Internet-wide application security trends. This report is the third edition of our Application Security Report. The first one was published in March 2022, with the second published earlier this year in March, and this is the first to be published on a quarterly basis.

If you're a Microsoft-focused organisation you may be able to leverage the technology you already have to become more secure. Nirvana, for many of the organisations I speak with on a daily basis is to maximise what is already included in their licensing agreement and use the current people already in their IT and security department. This presents a challenge for smaller organisations without the extensive security analyst teams of a big financial institution.

The United States stands at a pivotal juncture for true digital and cyber security, with unlimited potential. The 2023 U.S. National Cybersecurity Strategy presents a fresh perspective on safeguarding digital territory—a perspective rooted in collaboration, innovation, and accountability.

The Confidentiality, Integrity and Availability (CIA) Triad is a crucial information security model that guides and assesses how an organization manages data during storage, transmission, and processing. Each component of the triad plays a vital role in maintaining information security: Although all components are equally essential, we were intrigued to ask cybersecurity professionals which attribute they consider the most important.

The IT future is a cloudy one. Organizations are increasingly relying on cloud servers, as today’s IT environments use a combination of public and private clouds alongside on-premise infrastructure. Gartner® estimates that by 2026, 75% of organizations will adopt a digital transformation model predicated on the cloud as the fundamental underlying platform.

Tesla, an Austin-Texas-based automaker specializing in electric vehicles, employs more than 127,000 workers worldwide today. The automaker has an annual revenue of 53.8 Billion USD and is a significant company that employees rely on to protect their data. Recently, two Tesla employees gave away information that resulted in a breach that could significantly impact workers.

Memory forensics plays a crucial role in digital investigations, allowing forensic analysts to extract valuable information from a computer's volatile memory. Two popular tools in this field are Volatility Workbench and Volatility Framework. This article aims to compare and explore these tools, highlighting their features and differences to help investigators choose the right one for their needs.

Kroll’s Cyber Threat Intelligence (CTI) team has been tracking an uptick in phishing campaigns utilizing open redirects. Open redirects are vulnerabilities commonly found on websites that allow for the manipulation of legitimate URLs, which actors can leverage to redirect users to arbitrary external URLs. They occur when a website allows for user-supplied input as part of a URL parameter in a redirect link, without proper validation or sanitization.

Ensuring your threat detection rules work as intended and provide sufficient coverage for major threats is a critical component of a security program. Red Canary’s Atomic Red Team—an open source library of detection tests that help teams validate the effectiveness of their security measures—has historically been the tool of choice for detection testing.