The principle of least privilege in cybersecurity prescribes that no user should have access to system resources beyond what’s necessary for fulfilling a specific task. Adhering to this principle has become essential, as one of the primary ways malicious actors breach a system is by compromising (legitimate) user access.

We all have heard and read how the pandemic has disrupted our lives, how it has accelerated digital transformation to an unprecedented extent and how it challenged the existing security policies and practices. The question is how the people responsible for fortifying their organizations experienced the whole situation.

This quick blog is the first in a two-part series discussing a userland Windows exploit initially disclosed by James Forshaw and Alex Ionescu. The exploit enables attackers to perform highly privileged actions that typically require a kernel driver.

With the rise of cyber attacks on web apps, organizations require AST tools that can help manage web application security and compliance. Remember the saga of Equifax and the unpatched Apache Struts vulnerability? It wasn’t that long ago, and it’s one of the most notorious web application security incidents to date.

On June 2nd, 2021, the White House released a memo from Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology. The subject? “What We Urge You To Do To Protect Against The Threat of Ransomware.” It outlines several recommendations on how to protect your organization from ransomware. The memo was a follow-up to President Biden’s May 12th Executive Order on Improving the Nation’s Cybersecurity Order (EO14028).

The term “cloud infrastructure” refers to both the hardware systems and software applications that support a cloud computing environment. This might include cloud storage, virtualization applications, IT management tools, API connectivity, and relevant cloud service providers. In a cloud computing environment, all of the aforementioned IT infrastructure components would be hosted offsite by a service provider and delivered through an internet network.

When safeguarding your business against cyberattacks and data breaches, CISOs and compliance officers can choose from all sorts of information security controls — everything from firewalls to malware detection applications, and much more. Thankfully you don’t have to start from scratch when implementing cybersecurity controls. Many standards and frameworks exist that can help you secure your IT systems properly.

You don’t have to spend a long time in the cybersecurity and information technology world before someone brings up NIST compliance. Since the agency’s inception in 1901 — yes, it’s that old — the National Institute of Standards and Technology has been trusted as the guardian of all proper measurements and standards, including cybersecurity standards meant to increase data security. NIST, which these days is part of the U.S.

Abraham Lincoln is credited with saying that “A lawyer’s time and advice are his stock and trade.” Whether the quote is mis-attributed to Lincoln is irrelevant to the greater message, which is that attorneys are “knowledge workers.” To state it as bluntly as one attorney once explained to an executive where I worked, “My knowledge will keep you out of jail.” As a cybersecurity professional, you too are a knowledge worker.

Like technology itself, cybersecurity is ever-evolving and encompassing more areas of our lives, including transportation. Popular science fiction movies have led us to expect flying taxis and private space travel as the future of transportation. If that is going to become an eventual reality, the first steps towards that future are “smart cars” and automated vehicles. Electric vehicles are expected to account for 58% of global passenger vehicle sales by 2040.