Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Compliance management has emerged as a cornerstone of sustainable growth and risk mitigation. Companies today face increasing regulatory demands while striving to achieve ambitious business objectives. Strategic compliance management, therefore, is not just about adhering to rules but about seamlessly aligning compliance efforts with business goals.

The year 2024 is over, so it’s time to sum up what threats were the most dangerous for DevOps and PMs. Outages, degraded service performance, vulnerabilities, cyberattacks, ransomware – all of those were appearing in media headlines all year round. Thus, for the third year in a row, we’ve decided to analyze incidents related to Git hosting services, like Azure DevOps, GitHub, GitLab, and Atlassian. Our first article in a DevOps threat landscape series is dedicated to Azure DevOps.

In the world of cloud services, transparency has often been treated as a box to check rather than a cornerstone of innovation. Trust and status portals, once an innovative approach for offering visibility into service health and availability, now largely feel stagnant and table stakes providing the bare minimum. But is transparency and visibility just a “nice-to-have”? Some might think so. At Netskope, we see it differently.

In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named “Phantom Circuit,” targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in Hasan, Russia.

Since the launch of ChatGPT in late 2022, gen AI (generative artificial intelligence) has transformed nearly every facet of our lives, including our professions and workplace environments. Adoption has been driven by employees looking for faster, better ways to perform. For example, applications like ChatGPT, DALL-E, and Jasper are helping employees across industries boost productivity, overcome roadblocks, and brainstorm creative solutions.

The healthcare industry faces a unique and urgent challenge in the ever-evolving world of cyber threats. As businesses across sectors fortify their digital defenses, healthcare stands out as a critical target due to its reliance on interconnected devices and vast repositories of sensitive patient data.

The PSN compliance certificate ensures organisations meet stringent security requirements, paving the way for improved operational integrity. Moreover, compliance can enhance organisational value, guiding strategic decisions and fostering a culture of accountability.

Data poisoning is a type of attack targeting machine learning systems. It involves introducing false or misleading data into a training dataset. This can lead to flawed or malicious outputs from the model. Imagine a machine learning system trained to distinguish between cats and dogs. If poisoned data featuring mislabeled images is fed into it, the system could start making mistakes. It might misidentify a cat as a dog or vice versa.

Developing in the cloud introduces unique challenges for protecting applications, resources, and data. These challenges include but are not limited to detecting legitimate threats to your environment and managing complex cloud permissions and access controls.

In Part 1 of our cloud security research and guide roundup, we looked at our contributions to helping you manage cloud infrastructure, data, identities, and access. In Part 2, we share our research, insights, and guides from Datadog Security Labs and The Monitor that support the NSA’s cloud mitigation strategies in the following areas: We’ll also go beyond these common strategies to look at how security plays a role in working with LLMs.