In cybersecurity, triage is a cyber incident response approach to identifying, prioritizing, and resolving cybersecurity attacks, threats, and damages within a network. When simultaneous and multiple attacks occur, an IT security team must prioritize which system or device to assess in order to mitigate, remediate, and salvage important devices and data from further damage.

The Department of Homeland Security (DHS) on September 16, 2022 announced a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country with funding in the amount of $200 million for Fiscal Year (FY) 2022, $400 million for FY 2023, $300 million for FY 2024, and $100 million for FY 2025.

Moving to the cloud is becoming a business necessity. Cloud technologies are flexible and scalable and less expensive to maintain than on-premises solutions, allowing companies to easily adapt as business needs change. The only real barrier to making the move is concerns about cloud migration security.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Oh dear Microsoft… Really? Should know better…

‍OAuth (pronounced "oh-auth”) is an authorization framework that allows an application to request “secure delegated access” to third-party systems on behalf of the apps’ users or the “resource owner.” Simply put, with OAuth, users can grant websites and applications access to their information on other websites without providing important credentials like passwords. OAuth stands for "Open Authorization”.

During the Vendor Risk Management process, information is in constant flux. From risk assessments to risk remediation processes, communication involving sensitive security control data continuously flows between an organization and its monitored vendors. If intercepted, this information stream could be used as open source intelligence for a third-party data breach campaign, nullifying the very efforts a VRM program is trying to mitigate.

The vulnerabilities perforating the global supply chain have remained dormant for many years. But the violent disruptions of the pandemic finally pushed these risks to the surface, revealing the detrimental impacts of their exploitation to the world.

On Thursday evening, around 6:25 PM, Uber announced that it was responding to a cybersecurity incident. While Uber hasn’t gone into details about what happened, the purported threat actor has openly corresponded with several security professionals, including Sam Curry at Yuga Labs, Corben Leo at Zellic.io and The New York Times. According to both Curry and Leo, multiple systems were impacted.

A successful building project requires vast data, from architects' drawings to engineers' calculations to builders' material lists. Projects can quickly become chaotic without a platform to unify and manage this data as important information gets lost in the shuffle. That's why it's vital to have a system for unifying design and construction project documents. By unifying all the data in one platform, everyone involved in the project can easily access the information they need when they need it.