Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The United States Department of Defense (DoD) views securing the supply chain and the Defense Industrial Base (DIB) as one critical pillar in protecting national security. Dedicated security requirements exist for the protection of federal information systems as well as classified information based on the NIST 800-53 standard. However, several years ago, a gap was identified in the security requirements for the protection of non-federal systems and controlled unclassified information (CUI).

If you enter the term “Purdue Model” into your favorite search engine, the resulting images will vary considerably. There’s almost no better way to stir up an Operational Technology (OT) security conversation than to begin debating what belongs on Level 1 or Level 3 of the model. You might even find some diagrams place operator Human-Machine Interfaces at Level 3. Notably, the original 1990 publication defines “operator’s console” as a Level 1 entity.

2021 has been another challenging year for businesses, not least because of the ongoing wave of cyberattacks. Everyone is hoping for some good news in 2022, but realistically, cybercrime slowing down won’t be on the agenda. Cybersecurity and avoiding the threat of data breaches is going to be front of mind for many going into next year. We’ve spoken to two members of our leadership team who’ve shared their thoughts on four trends we’re likely to encounter in 2022.

20th August 2021, dawned a new era for China’s cybersecurity with the passing of China’s Personal Information Protection Law (PIPL) which is the first comprehensive legal attempt to define personal information and regulate its storing, transferring, and processing.

Everyday thousands, if not millions, of dollars are wasted on delays and reworks caused by project teams not having access to the latest files. And while there are myriad reasons for this waste, one of the biggest culprits is field teams' inability to easily access CAD files on-site. Computer-aided design, or CAD, has become the backbone of most construction projects because its precision improves design quality and facilitates better communication through documentation.

Welcome to Elastic’s Log4j2 vulnerability information hub. Here we will explain what the specific Log4j2 vulnerability is, why it matters, and what tools and resources Elastic is providing to help negate the opportunity for malware exploits, cyberattacks, and other cybersecurity risks stemming from Log4j2.

After the Covid-19 pandemic accelerated digital transformation and shifted businesses to online first, cyber-attackers exploited a broader, more sophisticated attack vectors. The rollout of 5G, reliance on supply chains, and increased use of application programming interfaces (APIs) means businesses have more cyber-related vulnerabilities.

In this blog post, we explore Cloud Controls Matrix, what’s included in the framework and how it can provide value for organisations.

As the pandemic continues and employees are finding themselves “stuck at home” for the foreseeable future, companies are coming up with new ways to approach overall wellbeing for their employees. Things like breakroom snacks, on-site gyms, and commuting passes are less appealing and don’t make a lot of sense. So, companies are getting creative in the ways they support their employees during remote work. Here are some of our favorite examples.

PYSA is the most recent ransomware variant known distributed by the Mespinoza Ransomware as a Service (RaaS) gang, which has been infecting victims since 2019. Kroll has consistently observed PYSA in our incident response engagements since 2020 and has noted an increase in frequency of this variant since the second quarter of 2021. Our analysis shows PYSA is opportunistic and not restricted to one sector or geographical area.