Open source software is a reality of modern computing, and there really isn’t a space where it doesn’t touch at least some aspect of an IT stack. Even the most locked-down software will include libraries and utilities that rose from an open-source project built by well-meaning developers to solve everyday problems. 

The challenge is that while OSS provides numerous benefits, it also creates attack surfaces that organizations can’t control.

That reality came back into sharp focus with the recent disclosure of the MongoBleed vulnerability, which affects MongoDB deployments. While the technical details of MongoBleed are concerning in themselves, the broader issue is not specific to MongoDB. It is about the structural security and compliance challenges that arise when open-source software becomes mission-critical infrastructure.

Read More

Recently, U.S. and allied cybersecurity agencies, including CISA, the NSA, and Canada’s Centre for Cyber Security, issued a series of alerts and analysis reports warning of ongoing malicious activity associated with a sophisticated backdoor malware known as Brickstorm. This malware, attributed to state-sponsored threat actors linked to China, has demonstrated the capability to maintain long-term, stealthy access and to evade detection within targeted networks, posing significant risks to the government and critical infrastructure sectors.

Read More

In the earliest days of what could be considered cybersecurity, the primary threats were malicious programs that would operate against the wishes of the machine and its operator. These programs, referred to as viruses, served as the progenitors of what we generally refer to in modern parlance as malicious software or “malware.”

Because the long history of malware and anti-malware protection is often the foundation of most compliance frameworks and approaches to cybersecurity, we’re touching on the topic, including what it is and how it has evolved. 

Read More