Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 28th, Red Hat released an advisory for CVE-2024-3094 which is a critical vulnerability identified in XZ Utils – a widely used data compression software included in many Linux distributions. This vulnerability stems from a backdoor inserted in versions 5.6.0 and 5.6.1 of XZ Utils and has been given a CVSS score of 10 out of 10, indicating its severity as critical.

Threat Intelligence is an important capability that many SOCs use to improve their security posture. Understanding what threat actors are targeting and how, can aid in everything from threat hunting to incident response. However, organizations often struggle with how to operationalize threat intelligence data they receive in order to actually accomplish this.

We hear a lot about the cybersecurity skills gap, which the latest research puts at 3.4 million globally. There are lots of reasons why organizations find themselves dealing with a skills deficit — from an actual dearth of qualified talent to internal factors including turnover, lack of budget/competitive wages, limited opportunities for growth and promotion, and lack of training. One aspect that is within a company’s control, but is often unremarked, is unrealistic hiring practices.

One issue that is raised frequently is the way in which security or IT teams struggle to speak the “business language” to members of the senior leadership that take the final decisions on spending and investment.

When it comes to cybersecurity and online protection, many regional ISP and telco providers are very late to the party to defend against malicious actors, like in the case of Russian APT groups. The COVID-19 crisis outlined the importance of the internet and computers. However, it also emphasized the importance of online security. One report showed that over 7.9 billion records had been exposed by data breaches from January to September of 2019.