Latest News

CVE-2022-42475: Remote Code Execution vulnerability in Fortinet SSL VPN service

On the 12th of December 2022, Fortinet published an advisory regarding an actively exploited remote code execution vulnerability affecting FortiOS through the SSL VPN service. Fortinet has stated that they are aware of at least one instance where this vulnerability was successfully exploited in the wild, though other undocumented cases may exist. The threat actors leveraged the vulnerability to deploy malicious files on the filesystem of affected devices.

2022 End of Year Roundup

In recent times it has become clear to organizations that the handling of data is a very important matter: the exposure and misuse of data are both serious threats to an organization's financial standing and reputation, and must be accounted for in each organization's risk posture. In terms of high-profile data breaches, this year has been no different from previous years, seeing its fair share of ransomware attacks and data exposure.

5 Ways to Reduce your Cloud Attack Surface

The emergence of cloud computing transformed the nature of IT ecosystems and infrastructure in many beneficial ways. From cost savings to flexibility to unparalleled scalability, the cloud’s advantages are well-documented. But it’s important not to overlook the fact that migrating to the cloud introduces many new points where unauthorized hackers can try to enter and launch a cyber-attack.

Phishing Attacks: A Summary of Phishing In All Its Forms

A phishing attack is a fraudulent email pretending to be from a safe, familiar, or reliable source, intended to induce the email recipient to reveal personal information such as financial information, personally identifiable information (PII), passwords, or credit and bank account numbers to the writer.

What is Corporate Espionage? Types, Examples and Myths

Using espionage methods for commercial or financial gain is known as corporate espionage, sometimes called industrial espionage, economic espionage or corporate spying. When we think of “espionage,” we usually imagine spies from one country attempting to obtain information about another. However, many of the same techniques — and even many of the same spies — are used in both realms.

CVE-2022-3236: Official Patch Out Now for Remote Code Execution Vulnerability in Sophos Firewall

On Friday, September 23rd, 2022, Sophos disclosed a critical code injection vulnerability impacting Sophos Firewall. This vulnerability, assigned CVE-2022-3236, affects Sophos Firewall versions v19.0 MR1 (19.0.1) and older and could lead to remote code execution. In order for a threat actor to exploit this vulnerability, WAN access would need to be enabled for the Webadmin and User Portal consoles.

How does VPN Security help in Data Security & Privacy?

In today's technology-driven business world, network security is a top priority for all businesses, especially those dealing with sensitive data. This is all the more true in an organization that works in a hybrid environment, where information and critical data are accessed remotely and securing that data and the network is important. This has led to a paradigm shift in the approach to establishing a robust security program and security implementations within the organization.

Featured Post

How the cloud makes cybersecurity stronger

Cloud computing has transformed the software industry in recent years. From productivity applications to communications, business intelligence, and CRM systems, cloud-based systems have come to dominate the market. Indeed, Gartner predicts that by 2025, almost two-thirds of enterprise spending on application software will be directed at cloud-based technology.

Ridgeline Founder Stories: Rusty Cumpston and Jon Geater of RKVST aim to weave trust into digital supply chains

Rusty Cumpston and Jon Geater saw an opportunity to solve a huge supply chain trust problem and were inspired to build RKVST (pronounced as “archivist”), a platform aiming to bring integrity, transparency, and trust to digital supply chains. RKVST enables all partners in the supply chain to collaborate and work with a single source of truth, which can be helpful for tracking nuclear waste, storing historical flight data to optimize aircraft flight plans, and much more.

KYC API: How KYC as a service works

APIs provide rapid and scalable applications for banking, payments, and other businesses that require identity verification for AML and KYC compliance. In most countries, some firms are obliged by law to comply with AML and KYC. When such firms authenticate their consumers, APIs may provide a faster, simpler, and less expensive way to comply while fulfilling speed, security, and privacy demands.