As 2024 comes to a close, today, I’m reflecting on some of the key events and trends that shaped my offensive security research this year. From publishing my first book to writing regular blogs on some of cybersecurity’s hottest topics, each piece has contributed to a clearer understanding of the evolving digital landscape.

In an era where data breaches make headlines almost weekly and cybercrime costs businesses billions annually, states across the U.S. are taking decisive action to protect their residents’ sensitive information. From California’s groundbreaking privacy laws to New York’s rigorous cybersecurity requirements for financial institutions, state-level regulations are rapidly evolving to address the complex challenges of digital data protection.

The WAN landscape is evolving at a rapid pace, driven by demands of cloud, mobility, and globalization. MPLS (Multiprotocol Label Switching), a legacy transport technology, once the gold standard, now struggles to meet modern business requirements.

Microsoft 365 is now an important tool for businesses and organizations around the world. It has a full set of productivity and collaboration apps. However, with the increasing reliance on this platform, the need for robust security practices has also become more critical. Cyberthreats are constantly evolving, and it is imperative for organizations to stay updated with the latest security measures to protect their data and systems.

The main difference between Just-in-Time (JIT) access and Just Enough Privilege (JEP) is that JIT access focuses on how long access is granted, which is only on an as-needed basis. On the other hand, JEP focuses on what access is granted. Although both strategies minimize the risk of standing privileges, JIT access and JEP function in different ways with different priorities. Continue reading to learn more about JIT access, JEP, their key differences and how they work together in access management.

A newly discovered critical vulnerability, CVE-2024-53677, in Apache Struts enables remote code execution (RCE) and is actively exploited in the wild using a publicly available Proof-of-Concept (PoC). Apache Struts is an open-source framework for building Java-based web applications. It helps developers create scalable software solutions, that powers everything from e-commerce websites to financial systems and government platforms.

In this digital age, where cyber threats are always evolving, keeping private data safe has become important for both people and businesses. Encrypting passwords is an important part of data security because it keeps user information hidden from attackers who shouldn't have access to them. Advanced algorithms are used to encrypt passwords into unreadable form. This makes encryption a strong defense against breaches and identity theft.

We’re excited to share new updates and enhancements for December, including: For more information on these updates and others, please read the complete list below and follow the links for more detailed articles.

From external collaboration and compliance to key financial info and intellectual property, here are five areas that need Zero Trust as a priority. In mid 2024, Gartner research found that 63% of global organizations had fully or partially-implemented a Zero Trust strategy, but these strategies only covered a small portion of the organization’s environment and that many enterprises were still “not sure what the top practices are for Zero Trust implementations.”

Digital forensics, which is sometimes called the "science of the digital age," is very important for finding digital proof and solving cybercrimes. Because of how connected everything is these days and how almost everything leaves a digital trail, digital forensics gives us the methods and tools to find, collect, study, and keep data for future investigations.