Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What are my quantum options? And what has Goldilocks’ porridge got to do with it? You’ve heard that eventually you’ll need to migrate to quantum-safe cryptography. Perhaps you’re raring to go. And yet, here I am, ready to tell you one thing: don’t do anything yet. Your options really depend on your quantum problem, but if you’re looking to migrate your cryptography today, you’re moving way too soon.

On September 4, 2023, CERT-UA revealed a meticulously planned cyberattack targeting Ukraine's critical energy infrastructure. The attack's modus operandi was distinct; it utilized deceptive emails containing bait links, luring victims into downloading a seemingly innocuous ZIP archive. This archive, however, harbored malicious files designed to hijack the victim's computer, redirecting data flows and exfiltrating sensitive information using services like mockbin.org and mocky.io.

In the last few weeks, Arctic Wolf Labs has noted an increase in threat activity targeting Okta as an attack vector. The relevant Techniques, Tools, and Procedures (TTPs) span across several different types of attacks. This bulletin will review several key aspects of these attacks.

One of the security features available in Elasticsearch® Service (Elastic® Cloud) is traffic filtering. Traffic filtering enables network layer security by limiting access to the deployment from configured networks only. In addition to the security policies consisting of role based access control (RBAC) employing principle of least privilege, using traffic filtering in conjunction provides greater security.

“Just make us Zero Trust.” Hands up if you’ve ever heard some version of this statement. Gather ten cybersecurity pros in a room, and you’ll have ten frustrated people trying to implement Zero Trust Security Architecture (ZTA). Although boards and non-security executives often understand the ZTA security model at a high level and love the idea of an inherently secure network, security teams keep running into walls during implementation.

Adversaries will always seek to target the weak points in any organization’s protections. Combining Microsoft with ecosystem partners like Tanium strengthens those weak points while giving organizations the power to respond to threats in real time.

Explore CISA & NIST's recent cybersecurity publications. Get key insights into securing vital infrastructure in an ever-evolving threat landscape and how GitGuardian can help.

The EU Network and Information Security (NIS) Directive was adopted by the European Commission in 2016 and focused on establishing comprehensive cybersecurity regulations across the European Union. The NIS Directive is a robust piece of legislation enforced by local laws within each member state, working alongside other EU-wide regulations like the GDPR. The NIS Directive applies to Digital Service Providers (DSPs) and Operators of Essential Services (OES).

ISO 31010 is a supplementary document to the risk management standard ISO 31000. It was developed to support the risk assessment process in ISO 31000, outlining different risk assessment techniques to broaden the scope of an organization’s risk evaluation methods. This post offers a comprehensive overview of ISO/IEC 31010, highlighting the standard’s potential to increase the effectiveness of risk management strategies. Learn how UpGuard streamlines Vendor Risk Management >

ISO/IEC 27002 offers guidance on implementing an Information Security Management System (ISMSP). This international standard is very effective at helping organizations protect themselves against various information security risks through a series of security control categories. However, with the standard addressing such diverse information security risks, cybersecurity teams often find implementation and maintaining alignment a significant challenge.