On the 12th of December 2022, Fortinet published an advisory regarding an actively exploited remote code execution vulnerability affecting FortiOS through the SSL VPN service. Fortinet has stated that they are aware of at least one instance where this vulnerability was successfully exploited in the wild, though other undocumented cases may exist. The threat actors leveraged the vulnerability to deploy malicious files on the filesystem of affected devices.

In recent times it has become clear to organizations that the handling of data is a very important matter, as the exposure or misuse of data are both a serious threat to an organization's financial standing and reputation, and must be accounted for in each organization's risk posture. In terms of high-profile data breaches, this year has been no different than previous years, seeing its fair share of ransomware attacks and data exposure.

The emergence of cloud computing transformed the nature of IT ecosystems and infrastructure in many beneficial ways. From cost savings to flexibility to unparalleled scalability, the cloud’s advantages are well-documented. But it’s important not to overlook the fact that migrating to the cloud introduces many new points where unauthorized hackers can try to enter and launch a cyber-attack.

A phishing attack is a fraudulent email pretending to be from a safe, familiar, or reliable source intended to induce the email recipient to reveal personal information such as financial information, personally identifiable information (PII), Passwords, or credit and bank account numbers to the writer.

Using espionage methods for commercial or financial gain is known as corporate espionage, sometimes called industrial espionage, economic espionage or corporate spying. When we think of “espionage,” we usually imagine spies from one country attempting to obtain information about another. However, many of the same techniques — and even many of the same spies — are used in both realms.

On Friday, September 23rd, 2022, Sophos disclosed a critical code injection vulnerability impacting Sophos Firewall. This vulnerability, assigned CVE-2022-3236, affects Sophos Firewall versions v19.0 MR1 (19.0.1) and older and could lead to remote code execution. In order for a threat actor to exploit this vulnerability, WAN access would need to be enabled for the Webadmin and User Portal consoles.

Today in a technology-driven business world, network security is an utmost priority for all businesses, especially for those dealing with sensitive data. More so, in an organization that works in a hybrid environment wherein information and critical data are accessed remotely, the need for securing such data and network is important. This has led to a paradigm shift in the approach of establishing a robust security program and security implementations within the organization.

Rusty Cumpston and Jon Geater saw an opportunity to solve a huge supply chain trust problem and were inspired to build RKVST (pronounced as “archivist”), a platform aiming to bring integrity, transparency, and trust to digital supply chains. RKVST enables all partners in the supply chain to collaborate and work with a single source of truth, which can be helpful for tracking nuclear waste, storing historical flight data to optimize aircraft flight plans, and much more.

APIs provide rapid and scalable applications for banking, payments, and other businesses that require identity verification for AML and KYC compliance. In most countries, some firms are obliged by law to comply with AML and KYC. When such firms authenticate their consumers, APIs may provide a faster, simpler, and less expensive way to comply while fulfilling speed, security, and privacy demands.