Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A list of 18 procedures (reduced from 20), or “controls,” recommended by the Center for Internet Security (CIS), must be followed to build an IT infrastructure resistant to cyberattacks. The CIS 4th Control advises to establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile; non-computing/IoT devices; and servers) and software (operating systems and applications) (4.1).

Learn how Atlassians FedRAMP Moderate authorization improves cloud security for U.S. government agencies, enabling secure collaboration with tools like Jira and Confluence.

Security teams now handle up to two million alerts daily, and the time it takes to resolve threats—MTTR—can directly affect business resilience. Cloud-based Extended Detection and Response (XDR) systems address these challenges by streamlining the entire process—from detection to automated remediation. By harnessing cloud-native architectures and response automation, organizations can detect threats faster and cut resolution times significantly.

Threat actors who rely on email phishing scams as their primary method of gaining initial entry use a wide variety of social engineering lures to trick their victims. Trustwave SpiderLabs recently released the report Manufacturing Sector Deep Dive: Methods of Targeting and Breaching, which specifically calls out many noteworthy campaigns and methodologies used by the top-tier threat groups.

These days, securing sensitive data begins with a single word (or, ideally, a few): passwords. In the face of rising cyber threats, the importance of creating, using, and managing secure passwords cannot be overstated. That’s why, each year, the world sets aside the first Thursday in May to recognize World Password Day—an event dedicated to promoting the criticality of password hygiene in both our personal and professional lives.

Organizations operating in today's rapidly changing digital age face mounting threats to the level of security. Deployment of conventional methods to vulnerability management by periodic scans and blanket scoring will no longer be adequate. Instead, strategy should shift direction toward risk-based vulnerability management towards protection of digital assets.

In the vast landscape of cybersecurity, it’s often not the zero-click iPhone exploits or flashy ransomware variants that expose the most users — sometimes it’s the tools we’ve trusted for decades. One such example is CVE-2025-33028, a vulnerability in WinZip, a program that’s been a staple in personal and corporate environments for over 30 years.

In this episode of Security Matters, host David Puner, dives into the world of evolving cyberthreats with Bryan Murphy, Senior Director of CyberArk’s Incident Response Team. Imagine a scenario where an attacker uses AI-generated deepfakes to impersonate your company’s VP of finance, gaining unauthorized access to your environment.

In a previous security bulletin sent by Arctic Wolf on April 17, 2025, we advised of a credential access campaign targeting SonicWall SMA devices along with remediation guidance. As of April 29, 2025, SonicWall has updated their advisories for several vulnerabilities that are now linked to ongoing exploitation in the threat landscape.

On Monday, April 28, 2025, widespread power outages affected large parts of Spain and Portugal. The exact root cause is still under investigation. These disruptions impacted regional infrastructure supporting connectivity, cloud services, and on-site operations.