Establishing a thriving security culture across your organization will rely heavily on your developer teams. Therefore, engaging with developers early and often while you build your security program is vital. In this playbook for Chief Information Security Officers (CISOs), we explore how to build a security culture across your organization by considering the following three things.

The ongoing geo-political crisis in Eastern Europe continues to be the scenario of deployment of a variety of payloads linked to information stealing and data/network destruction. The deployment of these payloads has been associated or contingent with Military actions as Microsoft and ESET have observed in some of their publications. These campaigns have targeted critical infrastructure affecting civilian populations in addition to military targets.

In today’s global economy, businesses are required to comply with stringent regulatory frameworks that necessitate identity verification for their clients. The process of verifying customer identities, commonly known as Know Your Customer (KYC), can be a complex and time-consuming task for businesses.

It can be difficult for architecture, engineering, and construction (AEC) firms to keep up with the latest project updates and ensure all stakeholders are kept informed. To help streamline project management processes, Egnyte is proud to introduce the project homepage – making critical information more accessible than ever before.

“Black Swan” author Nicholas Nassim Taleb once wrote that “intelligence consists in ignoring things that are irrelevant (avoiding false patterns).” Organizations must take this definition to heart as they incorporate Identity Security intelligence – an essential element of any Zero Trust cybersecurity strategy. Many organizations have dedicated Security Operations Center (SOC) teams responsible for their threat detection, investigation and response efforts.

A lot has changed since Sumo Logic last gave our two cents on how to secure Office 365. In the meantime, Office 365 has become Microsoft 365 (M365), and Sumo has continued evolving and expanding its security offering. Today’s threat actor is adept at compromising M365 accounts through various methods. Stealing credentials through phishing email campaigns and brute-force attacks has become commonplace.

The US Transportation and Security Administration (TSA) has issued new requirements for airport and aircraft operators who, they say, are facing a "persistent cybersecurity threat." The agency's new directive compels the aviation industry to improve their defences against malicious hackers and cybercriminals, just days after Preisdent Biden announced its National Cybersecurity Strategy that seeks tighter regulations to protect the United States's critical infrastructure.

Netskope Threat Labs is tracking a 17x increase in traffic to malicious web pages hosted on DigitalOcean in the last six months. This increase is attributed to new campaigns of a known tech support scam that mimics Windows Defender and tries to deceive users into believing that their computer is infected.

Velero is an open-source tool that allows you to backup and restore your Kubernetes cluster resources and persistent volumes. Velero backups support a number of different storage providers including AWS S3. The process of setting up Velero backup with S3 using AWS credentials has been documented by Velero here. However, at the time of this post, there is no official documentation on how to set up Velero using IRSA or IAM Roles for Service Accounts.

Legal authorities and the general public typically hold organizations accountable for any harm caused during their daily operations. The expectation is that leaders of those organizations have considered the potential harms that might happen, and implemented reasonable precautions to reduce or eliminate the risks. This is known as the “DoCRA standard.”