security (8)

The Colonial Pipeline ransomware infection has become a cautionary story about how ‘borking’ critical infrastructure can cause real-world pain, with fuel shortages leading to long lines and fistfights breaking out at gas stations. Or as Jen Easterly, boss of the US Cybersecurity and Infrastructure Security Agency, warned Congress recently, "Societal panic and chaos."

The CISA Director and other security and law enforcement chiefs stressed the reality in which nation-states operating against Ame

The economic downturn predicted for 2023 will lead to layoffs but cybersecurity workers will be least affected, says the latest (ISC)² report. Also, as soon as things get better, they will likely be the first ones to get (re)hired. Execs have finally realized the importance of cyber security.

There have been massive layoffs by tech and other companies in the last few months.  In December 2022, (ISC)² polled 1,000 C-suite executives from Germany, Japan, Singapore, the UK and the US about whether

Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line.

There are two main reasons why regular pen testing is necessary for secure web application development – Security: Web applications are constantly evolving, and new vulnerabilities are being discovered all the time. Pen testing helps identify vulnerabilities that could b

First coined by Lebanese-American thought leader Nassim Nicholas Taleb, the term “black swan” refers to unexpected global events that have a profound effect on society. Some are beneficial, like the invention of the printing press; and others are destructive, such as the subprime crisis in 2008. But they have all altered the course of history.

In recent years, we have borne witness to a surge of black swan events, and they continue to emerge in real time.  They have affected every facet of our l

In the era of digitization and ever-changing business needs, the production environment has become more attractive. Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface. This dramatically increases the need to define an exposure management strategy.

To keep up with business needs while effectively assessing and managing cybersecurity risk, there are two primary elements that

Poor results show that 87% of US defense contractors are failing to meet basic cybersecurity regulation requirements, according to research commissioned by CyberSheath. The survey of 300 US-based Department of Defense (DoD) contractors found that just 13% of respondents have a Supplier Risk Performance System (SPRS) score of 70 or above. Under the Defense Federal Acquisition Regulation Supplement (DFARS), a score of 110 is required for full compliance.  So, a school grade of “C”, a score of

New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge.  The two unpatched issues, tracked under the identifiers CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 (CVSS score: 5.7), were discovered and reported by cybersecurity firm Rapid7 in May 2021 with a 60-day deadline to fix the

A password, sometimes called a passcode, is secret data and is typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but due to the large number of password-protected services that a typical individual accesses, this can make memorization of unique passwords for each service (nearly) impractical.

Using the terminology of the US-based NIST Digital Identity Guidelines, the secret is held by a party called the claimant