On its surface, CVE-2021-42292 doesn’t look like the kind of vulnerability that a network-based tool can find reliably. Marked by Microsoft as a local file format vulnerability, security veterans would expect that between encryption and encoding, there would be a million different ways to evade network detection with a weaponized exploit.

The Open Web Application Security Project (aka OWASP) recently announced its latest updates to the venerable OWASP Top Ten list. This publication is meant to bring attention to the most common classes of software-related security issues facing developers and organizations in the hopes of helping them to better plan for and address potential high-severity issues in their codebases.

Like other organizations that are adopting a permanent hybrid or remote-first work environment, Lookout is using our Secure Access Services Edge (SASE) platform to implement cybersecurity that is not tied to the physical office spaces where employees used to work. SASE is a security framework defined by Gartner that has been adopted by many organizations to enable intelligent Zero-Trust access from anywhere without hindering productivity.

In my previous post, I discussed some of the most common types of services offered by managed service providers (MSPs). This brings us to what organizations need to do to prepare to work with an MSP. Here are some considerations to keep in mind.

Today’s cyber threat landscape is extremely challenging. Ransom this, ransom that, ransom everywhere – information technology (IT) professionals must work to protect organizations against the next big ransomware attack. Over the years, the sophistication of ransomware attacks has increased as well as the amount of money demanded and paid out in exchange for the ransom-held information.

Nearly all U.S. executives (98%) report that their organizations experienced at least one cyber event in the past year, compared to a slightly lower rate of 84% in non-U.S. executives, according to Deloitte’s 2021 Future of Cyber Survey. Further, COVID-19 pandemic disruption led to increased cyber threats to U.S. executives’ organizations (86%) at a considerably higher rate than non-U.S. executives experienced (63%). Yet, 14% of U.S.

Protecting sensitive data with multi-factor authentication (MFA) has become a requirement for cyber insurance policies. Recent attacks (SolarWinds, Colonial Pipeline, Kaseya) and mandates like the White House’s Executive Order to implement MFA in 180 days or less, are proving that identity and password-related vulnerabilities are a top security threat, and one where you can lose a lot of money.

We’ve recently discussed application security and the trend we’re seeing in which companies are increasingly implementing security early on in the Software Development Life Cycle (SDLC). In our blog post exploring the impact of adopting application security, we described a common scenario involving assessing an application that was ready for release. Through the assessment, critical vulnerabilities were identified, such as an SQL injection, close to the go-live deadline.