Latest News

Format-Preserving Encryption vs Tokenization: Learn the Key Differences

Data security demands robust protection methods in our digital age. Format-preserving encryption and tokenization stand out as robust solutions for safeguarding sensitive information. Understanding the difference between data tokenization and encryption helps organizations protect data while maintaining usability. Modern businesses must choose between encryption vs tokenization for their needs. The choice between these methods impacts system performance and security levels.

Static Data Masking vs. Dynamic Data Masking: What's the Difference?

Data masking is essential for protecting sensitive information in today’s data-driven world. It ensures that critical data, such as personal and financial information, remains secure from unauthorized access by replacing real data with fictitious or obfuscated values. This safeguards privacy while still enabling necessary operations like testing and analytics.

Path Traversal in 2024 - The year unpacked

Path traversal, also known as directory traversal, occurs when a malicious user manipulates user-supplied data to gain unauthorized access to files and directories. Typically the attacker will be trying to access logs and credentials that are in different directories. Path traversal is not a new vulnerability and has been actively exploited since the 90s, when web servers gained popularity and many relied on Common Gateway Interface (CGI) scripts to execute dynamic server-side content.

How to Boost Mobile Security Across International Borders

Today, our smartphones store a wealth of personal and financial information, which can be especially vulnerable when traveling internationally. When traveling, your device is more vulnerable to increased surveillance, hacking attempts, and theft. The solution is straightforward: take as many precautions as possible to safeguard your device.

Which Files Do You Need to Encrypt? How to Guarantee Privacy for Your Files

Are you worried about your personal information leaking online? Worried your email has been breached or leaked on the dark web? Unsure if your passwords are safe? Don’t worry, you’re not alone. Fortunately, encryption is our friend. It is an advanced technology that prevents hackers from stealing our sensitive information, protects us from data breaches, and ensures businesses can comply with data protection laws.

FAQ: What Steps Can You Take to Speed Up ISO 27001?

ISO 27001 is one of the most important security frameworks in the world. Any business that wants to operate internationally, especially if they have contracts with certified brands or international governments, or they want to open the door to those contracts, will need to achieve ISO 27001 certification. There’s just one problem: it can take a long time to achieve. How long?

Security Bulletin: PAN-OS Authentication Bypass and Privilege Escalation Vulnerabilities

On November 19, 2024, Palo Alto Networks disclosed two critical vulnerabilities in its PAN-OS software: CVE-2024-0012, an authentication bypass, and CVE-2024-9474, a privilege escalation. These vulnerabilities enable attackers to gain unauthorized administrative access and escalate privileges to root level. Exploitation of these vulnerabilities, observed in the wild, has been attributed to a targeted campaign dubbed Operation Lunar Peek.

How to Combat Alert Fatigue to Retain and Empower Your Security Teams

In the high-stakes world of cybersecurity, organizations must ensure that their teams not only protect the organization but also stay motivated and productive. One of the most insidious threats to achieving this goal is alert fatigue. When analysts are bombarded with thousands of security alerts daily, they risk becoming overwhelmed and disillusioned in their roles.

Leaving TLS 1.2 and moving to TLS 1.3

Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communication between web browsers and servers. Many IP-based protocols such as HTTPS, SMTP, POP3, and FTP support TLS. Secure Sockets Layer (SSL), on the other hand, is a protocol used to establish an encrypted link between web browsers and servers. It uses symmetric cryptography to encrypt the data transmitted. Encryption keys are based on shared secret negotiation at the beginning of any communication session.

Threat Context monthly: Executive intelligence briefing for November 2024

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from November.