At one time, the internet was seen as a place where users could remain anonymous: they could scroll from the privacy of their screen. Today, we know that’s no longer the case. In an attempt to sell more products, and create a personalized digital experience, tech firms, companies and advertisers track and analyze each user across the digital landscape. Privacy is still important to users: 90% of individuals in a recent global survey said online privacy was important to them.

The protection of sensitive information is critical for any organization, especially when it involves national defense. The effort is not only for protecting the information but also ensuring that the organization meets regulatory compliance and policies. The US government’s efforts to break down information silos and improve sharing of data have led to an increase in the number and diversity of people accessing and working with CUI.

On May 19, 2023, Barracuda Networks identified a remote command injection vulnerability (CVE-2023-2868) present in the Barracuda Email Security Gateway (appliance form factor only) versions 5.1.3.001-9.2.0.006. In its security advisory, Barracuda said the vulnerability existed in the Barracuda software component responsible for screening attachments for malware. In subsequent days, Barracuda deployed a series of patches.

Effectively utilizing a risk register allows your organization to anticipate and overcome challenges with confidence. No GRC program is failproof, which is why it’s so critical to take a thorough look at potential risks and remediations. To make sure you’re starting on the right foot, we’ve provided a free, downloadable risk register template you can use once you have a better understanding of what it does.

“Technology trust is a good thing, but control is a better one.”

The vastness of the deep and dark web can easily turn attempts to monitor for cyber threats into a firehose of useless information. Part of the problem is the nature of the data streams that need to be monitored. Every day, more credentials are stolen and exposed. Illegal criminal forums are full of repeated spamming of illicit advertisements. Thousands of new domain names are registered daily, including many that can be considered typosquatted.

Unlocking the potential of the Internet of Things (IoT) requires a secure and efficient way to manage digital certificates. Enter PKI, or Public Key Infrastructure. This powerful technology has been at the forefront of securing communications for years, but now it’s taking on a whole new level by being delivered from the cloud.

On Tuesday, June 6, 2023, Barracuda announced that all ESG appliances compromised via CVE-2023-2868 must be immediately replaced, regardless of the current patch version. Barracuda ESG is an email security gateway that manages and filters inbound and outbound email traffic within an organization’s network. On May 18, 2023, Barracuda identified CVE-2023-2868 after being alerted to anomalous traffic originating from ESG appliances.

In the rapidly evolving digital landscape, ensuring robust application security is paramount for organizations. With the emergence of AI-powered attacks and other sophisticated threats, it is crucial to integrate comprehensive Application Security Testing (AST) into the Software Development Lifecycle (SDLC).