A recent study from Security Compass found just 25% of organizations surveyed conduct threat modeling during the early phases of software development—requirements gathering and design—before proceeding with application development.

The number of cyberattacks increased by 17% compared to Q1 2020, and compared to Q4 2020, the increase was 1.2%, with 77% being targeted attacks, according to a new Positive Technologies Cybersecurity Threatscape Q1 2021 report. Incidents involving individuals accounted for 12% of the total.

Google’s Threat Analysis Group (TAG) has discovered four in-the-wild 0-day campaigns targeting four separate vulnerabilities this year, all which can be particularly dangerous when exploited and have a high rate of success.

While this is a step in the right direction, there are some confusion, speculation and rumors related to CMMC accreditation. The following are three common misconceptions around CMMC certification, with clarification to help organizations requiring CMMC certification to stay well-informed on the necessary guidelines and procedures.

Because cybersecurity events are complicated, we rely on analogies to understand how they work. Analogies are useful, but certain oversimplifications are perpetuating inaccurate narratives. These inaccuracies misdirect productive discussion and as a result, proposed policy and solutions are being based on faulty assumptions. A faulty premise can only yield flawed results…and cyber national security is not an area in which the United States has margin for error.

Bitdefender security researchers have discovered a threat group likely based in Romania that's been active since at least 2020. They've been targeting Linux-based machines with weak SSH credentials, mainly to deploy Monero mining malware, but their toolbox allows for other kinds of attacks.

REvil ransomware gang’s website and infrastructure has gone offline, about a week and a half after the news of the group’s cyberattack on IT software vendor Kaseya.

SonicWall has issued an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.

Capable cybersecurity professionals can expect to be spoiled for choice in the job market today and well compensated for their in-demand skillsets. For those considering entering the field, I’d like to lay out the state of security today, explore potential career paths, and provide some guidance on the steps you can take, including skills you can develop to make it happen.