Whether it is reporting a phishing email or something that might be illegal that a coworker is doing, your employees should be a strong last line of defense for security and compliance. According to Gartner, almost 60 percent of all misconduct that is observed in the workplace never gets reported. For decades both compliance officers and security leaders have known that the earlier employees report incidents, the lower the risk. Yet low reporting rates continue to be a problem.

Russia’s APT28 (also known as “Fancy Bear” or “BlueDelta”) is using spear phishing to compromise Ukrainian government and military entities, according to researchers at Recorded Future. The phishing emails are designed to exploit vulnerabilities in the open-source webmail software Roundcube.

We just introduced what we believe is a unique application of real-time, deep learning (DL) algorithms to network prevention. The announcement is hardly our foray into artificial intelligence (AI) and machine learning (ML). The technologies have long played a pivotal role in augmenting Cato’s SASE security and networking capabilities, enabling advanced threat prevention and efficient asset management. Let’s take a closer look.

The DoJ launches a cyber unit to prosecute nation-state threat actors, cybercriminals use expired AWS S3 buckets to distribute malicious code, and a new exfiltration malware targets RDP workloads.

In today's rapidly evolving digital landscape, cybersecurity remains a top priority for organizations of all sizes. As a leading provider of security solutions, we appreciate and understand the pressures of the current threats that organizations face daily. A critical risk often faced by suppliers is supply chain security. A supply chain attack can undermine a company’s operations and introduce risk at unprecedented levels, potentially leading to a catastrophic outcome.

Our findings, outlined in our new report and upcoming webinar, reveal a concerning inconsistency between organisations’ level of trust in their own cybersecurity status and their readiness to achieve true cyber resilience.

A cyber risk management strategy is a plan for how you will secure your organization from evolving cyber threats. Your strategy is made up of key elements that work together to create a comprehensive approach to proactively mitigating risks and protecting organizational assets. Here are the basic steps you should take to develop an effective cyber risk management strategy.

The recent US National Guard leak has once again focused attention on the risk that overprivileged access poses. A massive intelligence breach occurred when Massachusetts US National Guardsman Jack Teixeira, an IT specialist with a top secret security clearance, accessed and printed classified files and posted them to a civilian Discord chat room. He did this after having been previously reprimanded for his mishandling of classified information.

I’ve always had a great love of all things wireless/RF for as long as I can remember. The ability to send frames/packets of data out into the world (the airwaves!) for anyone with the right equipment and looking at the right frequency to pluck them out and reconstruct them - amazing! I am still the proud owner of both ORiNOCO Gold and Silver PCMCIA cards, these two bad boys defined wireless hacking back in the early 2000’s.

This is the second article in our Application Security 101 mini-series. Read our first blog on how to configure HTTP response headers with security best practices. This time we’re going to discuss another misconfiguration that we often find during website penetration testing. This is not necessarily a ‘vulnerability’, however information disclosure via HTTP response headers can provide exact version information of the web server or web technologies in use on the underlying host.