Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

SSH protocol flaw - Terrapin Attack CVE-2023-48795: All you need to know

The SSH Terrapin attack (CVE-2023-48795) has recently caught attention, targeting the SSH protocol security by truncating cryptographic information. The inherent flaw in the SSH protocol itself affects a wide range of SSH client and server implementations. Following our initial research communication, this post will detail its fundamentals and impact.

Snatch Ransomware: Digital Cat and Mouse

According to CISA, since the latter part of 2021, the perpetrators behind Snatch Ransomware have persistently adapted their strategies, capitalizing on prevailing tendencies and the operational successes of other ransomware variants within the cybercrime arena. Snatch has cast a wide net, targeting numerous sectors critical to infrastructure, including but not limited to the Defense, Industry, Food and Agriculture, and Information Technology sectors.

The FedRAMP Impact Levels Explained: Low, Moderate, High

Navigating the federal government’s cybersecurity standards and processes is not easy. Figuring out how to comply with all of the various standards and controls is a lengthy process involving thorough auditing and analysis of your entire organization from top to bottom. When government contracts and sensitive information are at stake, though, it’s all taken very seriously. Today, we’ll talk about the FedRAMP impact levels and explain each one.

Five worthy reads: Fight off the multi-factor authentication (MFA) fatigue

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we explore multi-factor authentication (MFA) fatigue attacks, what needs to be addressed to combat them and secure user data, and the roadmap to a positive identity and access management. The attack sprees never end, do they? Protecting user accounts from being compromised by hackers has always been a priority.

Progress and Challenges In Securing The Web Ecosystem in 2023 - A Year in Review by BoxyHQ

The year 2023 marked a turning point in web security, with the industry witnessing both groundbreaking advancements and formidable challenges. This report offers a panoramic view of the web ecosystem, highlighting the collective efforts and pivotal breakthroughs across the sector. Dive into a detailed exploration of the year's most impactful developments in securing the web ecosystem.

5 Best Practices to Prepare for NIS2 Compliance

Organizations must always be aware of the constantly changing compliance landscape to protect their sensitive assets and avoid paying millions in fines. The rapid development of cyber threats fueled by the global pandemic and cyberwarfare has forced the European Union (EU) to update its NIS Directive. We understand the pain of having to read hundreds of requirements and legislation documents, so we’ve done it for you.

The ultimate guide to cloud DLP for GenAI

How many of us use ChatGPT? And how many of us use SaaS applications as part of our daily workflows? Whether you know it or not, if you use either of these tools, your data has likely traveled beyond the boundaries of your “fort.” What do I mean by “fort,” exactly? For this guide, consider your “fort” to be somewhere where you can monitor and secure your data. When data leaks outside your “fort,” it presents a myriad of possible risks.

The 5 Biggest Cyber Threats For the Education Sector in 2024

Storing large amounts of sensitive data and allocating minimal resources to cybersecurity makes the education sector attractive to cybercriminals. Education organizations are also a prime target for cybercrime, given their historic reliance on large distributed networks, the rise of remote learning, and their need for relevant cyber hygiene training.

The Ultimate Vendor Risk Management Guide For Healthcare

The healthcare industry stores an abundance of sensitive information and relies on third-party vendors for critical business services, two factors that make the sector a prime target for cyber attacks. In 2022, 707 data breaches compromised 500 or more patient accounts, according to report records from the Department of Health and Human Services’ Office For Civil Rights (OCR).