The Cybersecurity and Infrastructure Security Agency (CISA) released the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model for public comment.

Microsoft is currently investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. The exploitation of this vulnerability may allow a remote attacker to take control of an affected system. In addition, this vulnerability has been detected in exploits in the wild. 

How CISOs approach technologies and hiring decisions will go a long way in determining how their security posture evolves this year and beyond. There’s an important balance to strike between the two, and you can’t determine the right mix without taking a step back to understand the business itself.

Many security teams are still playing catch up on the risks introduced by technologies that were rapidly implemented and poorly vetted during the pandemic, while also being forced to stretch resources to counter increasingly frequent sophisticated attacks. As we edge closer to the reality of hybrid work, it’s critical that security teams begin rigorously preparing. 

The Securities and Exchange Commission (SEC) has sanctioned eight financial services firms for cybersecurity failures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm. 

The United States Department of Homeland Security (DHS) has announced two senior cybersecurity appointments.

How do we protect against this changing enterprise application landscape? Organizations across the world need to lead the adoption of Zero Trust Architecture (ZTA) for cybersecurity as their first principle of implementation.

Hackers are entrepreneurs. After legitimate developers built software-as-a-service (SaaS) businesses by renting access to productivity software, cybercriminals seeking new revenue streams created malware-as-a-service (MaaS) as a dangerous alternative.

To help mitigate cybersecurity risks to managed service provider customers, the Cybersecurity and Infrastructure Security Agency released a resource, providing a framework that government and private sector organizations outsourcing some level of IT support to MSPs can use to better mitigate against third-party risk.