
UK Ransomware Payment Ban Implications

The UK will ban public bodies from paying ransoms and introduce new reporting rules for ransomware incidents. Public sector organisations must prepare to recover without paying. Private firms must notify the government if they plan to pay. Attackers may shift focus to private targets and use data leaks over encryption. Organisations need better visibility, response readiness, and tested recovery plans. Payment is no longer a fallback.

The security principles guiding 1Password's approach to AI

AI is transforming the way we work, with immense opportunities for automation, intelligent decision-making, and productivity gains. That opportunity comes with tremendous responsibility, especially when security is involved. For example, AI systems can now act on behalf of users, access sensitive data across tools, and make decisions without oversight, all of which have security implications.

CyberArk empowers Australia's cyber resilience with IRAP assessment completion at the protected level

As ransomware strains hospital operations and supply-chain attacks target energy grids, Australia’s public and regulated sectors need proven cyber resilience. At the heart of most breaches lie human error and weak identity controls, making the Infosec Registered Assessors Program (IRAP) assessment the gold standard for moving sensitive workloads to the cloud.

'Plague' malware exploits Pluggable Authentication Module to breach Linux systems

‘Plague’ represents a newly identified Linux backdoor that has quietly evaded detection by traditional antivirus solutions for over a year. Its primary mechanism involves operating as a malicious PAM, allowing attackers to silently bypass system authentication and establish persistent SSH access to compromised Linux systems.

FBI Report: Attackers Are Sending Physical Packages with Malicious QR Codes

The FBI has issued an advisory warning that scammers are distributing QR code phishing (quishing) links via unsolicited packages sent by snail mail. Recipients may scan the code to find out where the package came from, which will land them on a phishing page. This is a variation of a “brushing scam,” where unscrupulous vendors send packages designed to harvest information that can be used in phony positive reviews.

Anatomy of a Vishing Scam

I hear about a ton of similar-sounding scam calls, where the scammer is pretending to be from a service you use (or used), offering you a substantial monthly discount (30% or more) if you pay some fee ahead of time. Sometimes they take the advance fee using your credit card, and sometimes they tell you that you have to get store gift cards. Who would possibly believe that a legitimate vendor would want them to pay with store gift cards? Hundreds of thousands of people.

What is a PyPI Server and How to Set it Up Securely

Shlomi Kushchi is a seasoned system architect at Jit.io, specializing in building security solutions for dev organizations. With extensive experience in cloud computing and event-driven, microservices architecture, he empowers developers to master advanced technologies.

What's The Best Secure Cloud Storage for Law Firms?

Lawyers and law firms are slowly seeking the benefits of cloud storage to help manage client data, share files securely, and keep important data backed up. In 2024, approximately 75% of attorneys used cloud storage for work-related tasks, up 6% from 2023. So, as lawyers start to adopt cloud storage, they may be wondering what the most secure cloud storage is for law firms.