Those working in the UK public sector have seen significant upheaval over the last decade thanks to a combination of the long-term efforts to relocate civil servants outside London and, in recent years, the swift adoption of hybrid work practices necessitated during the pandemic. As a result, networks have expanded, the number of devices and endpoints to protect has grown considerably and potential vulnerabilities for attackers to target have increased.

The MITRE ATT&CK framework provides the cybersecurity community with information on more than 100 threat actor groups and the platforms they target. The data within the framework comes from publicly available cyber threat intelligence and reports and security teams and threat researchers. ATT&CK is available for free to anyone who wants to use it.

Digital transformation initiatives like moving servers to the cloud, extending work-from-home privileges, and deploying more IoT devices have expanded attack surfaces, making it easier than ever for threats to slip through. At the same time, the number of cyber threats is growing fast. According to Security Magazine, a cyberattack now happens at least every 39 seconds.

Application security teams often lack the crucial information and visibility needed to find, prioritize, and remediate risks in their most business-critical applications. To solve this application security challenge, ServiceNow and Snyk have partnered to provide a singular view of the risk within these applications — exposing the severity and criticality of vulnerabilities while providing actionable workflows to boost your overall security posture.

I’m thrilled to share some incredibly exciting news – Graylog’s v6.0 is officially here! It’s been quite the journey getting to this point, filled with late nights, endless cups of coffee, and an unwavering commitment from our amazing team. As we unveil this latest version, I can’t help but reflect on how far SIEM technology has come over the past two decades. Gone are the days when Intellitactics and NetForensics reigned supreme.

The Cyber Resilience Act (CRA) is a new cybersecurity regulation that aims to ensure the security of “products with digital elements” (PDEs) sold in the EU market.

In today's digital battleground, it seems like a week doesn’t go by where we don’t hear about some kind of data breach involving identity security. It's easy to become desensitized to the constant stream of identity security compromises. Yet, beneath the surface, a silent war is waged against the very essence of our online identities. Each breach is a battle fought on the front lines of cybersecurity.

Threat actors are always evolving. Whether it is nation-state actors, cybercrime groups, ransomware gangs, or niche teams targeting specific systems – new tools, techniques, and procedures are constantly introduced by attackers. Stopping those threats is challenging in large part because Cyber Threat Intelligence (CTI) remains fragmented.

The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that is depended on for a particular first-party service (such as your website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.

The rise of Generative AI models has sparked a transformative shift across industries, offering unprecedented capabilities in automating tasks, enhancing decision-making, and fostering innovation. As publicly available tools, these models promise a democratization of technology, suggesting that any company can leverage them to boost efficiency and creativity. However, the reality of integrating and optimizing these AI models for specific corporate needs is far from plug-and-play.