When configuring an email client application or an email server to send to relay emails, many questions come to one’s mind, such as which SMTPs should be used, what is the purpose of each of these ports, which are standard ports, which ports allow secure communication and many more.

Small and medium businesses are the backbone of many economies, yet they often do not have the same level of cybersecurity as larger businesses. This is because they think that they are too small to be a target, or they believe that their cybersecurity measures are adequate. In this blog post, we will discuss why SMBs are doing cyber security wrong – and how to get it right!

Cyberattacks often target the retail sector, although many of these threats are aimed at the e-commerce channel, businesses have also reported incidents where in-store Wi-Fi access points and even IoT devices are exploited as attack vectors. This is reflected in several studies, which reveal that, together with the education sector, the fashion industry was one of the hardest hit last year and 60% of retail companies are at risk of suffering an attack.

Injection is one of the top OWASP vulnerabilities for a reason. It can allow attackers to inject their own malicious code into programs, which can result in serious security breaches. This blog post will discuss what injection is, how it occurs, and some of the most common attack vectors. We will also provide tips on how to protect your website and Web Applications from these attacks.

On today’s episode of the Future of Security Operations Podcast, Thomas speaks with Jason Barnes — the former Head of Global Security Operations at Netskope and current Senior Director at Charter Communications.

The team at LimaCharlie continues on its mission to develop the concept of Security Infrastructure as a Service. We added three new team members during the month of June with more coming! We also hosted a webinar on securing your CI/CD pipeline built around some new capabilities we added which allow for the ingestion and monitoring of GitHub audit logs. You can watch a recording of that webinar here: SecDevOps & LimaCharlie - Automating and auditing of GitHub access

Over the last few years, Microsoft 365 has significantly enhanced its native security capabilities. Today, it offers a solid foundation of protection from advanced attacks, making it a popular choice for organizations. However, security threats are advancing rapidly, and Microsoft 365 still has some points of weakness that are leaving users vulnerable. Cybersecurity experts' views on email risk within Microsoft 365 is our most recent report identifying the security risks its users face.

At 2022’s AGConf (1Password’s annual employee conference), every employee received a goodie box to celebrate the event and the company’s successes over the past year. Our theme this year was “space”, so the goodie box included a kit for a Lego rocket ship (very appropriate considering our own CEO is a Lego aficionado).

As many threat actors and groups seek to utilize recently discovered vulnerabilities, the Cyberint Research Team found several XFiles stealer campaigns, in which Follina vulnerability was exploited as part of the delivery phase. Follina is one of the most widespread vulnerabilities discovered throughout 2022. The vulnerability allows a threat actor to perform a remote code execution (RCE) through malicious Word documents. XFiles stealer is a vastly used info stealer that took off during the end of 2021.

The job of a CISO is one of constant change and unexpected challenges. One of the most energetic environments to govern is that of a university. Universities function not only as academic institutions, but also as research hubs, hosting both curious students, as well as notable scholars. This is an audience not known for slow-motion progress. They need results, and they expect them quickly. At a large university, the responsibility of a CISO is dizzying.