On November 1 the OpenSSL Project released patches addressing the previously rated "Critical" vulnerability that was pre-announced last week. The "Critical" rating has been downgraded to "High.".

As digital business becomes more widespread, the need to ensure data security increases. One way to test its effectiveness is through penetration testing. Penetration tests are performed by ‘ethical hackers’ who attempt to gain access to systems and data to find vulnerabilities. By doing so, businesses can then take steps to mitigate these risks. Companies should consider penetration testing as an essential part of their overall security strategy.

In October, BleepingComputer reported that the websites of several airports were experiencing service disruptions after the KillNet threat actor group announced that they would target airports throughout the U.S.

We’ve made it through spooky season once again, but there is still plenty of scary business unfolding in the world of cybersecurity. October offered several useful cautionary tales for organizations, including a company that took fast action and averted a threat, one that overlooked a security gap for far too long, another that offered a crucial reminder about improper conduct, and one more that … well, we’re not quite sure what the heck happened with that one.

Yesterday, TechCrunch broke a story about pharmaceutical giant AstraZeneca, which experienced a leak affecting sensitive patient data. We think this incident is worth reviewing to learn more about how data exfiltration risk is distributed across the entirety of an organization’s SaaS infrastructure.

On November 1st, Dropbox disclosed a security breach where the attackers stole over 130 code repositories after gaining access to one of the employee’s GitHub accounts using the stolen credentials of that employee via a well-designed phishing attack.

One of the most challenging positions within an organization is that of a chief information security officer (CISO). A little while back, I had an opportunity to sit down with Chris Hughes, CISO and co-founder of Aquia, to discuss his experience in the role. Acquia is an open source digital experience company that empowers the world’s most ambitious brands to embrace innovation.

On November 1st 2022, the OpenSSL team released an advisory detailing two high severity vulnerabilities — CVE-2022-3602 and CVE-2022-3786. This was pre-announced as a critical bug, but later downgraded to high for the actual release. This could still be problematic though, OpenSSL is one of the predominant encryption libraries and is underpinning a significant portion of the internet’s TLS protected communications.

As available software on the market increases, so do vulnerabilities. When a company's system is weak due to vulnerabilities in the software it uses, attackers take advantage of the situation to: This, in turn, causes the company to lose customers, reputation and money. To reduce threats, network personnel and system administrators are always on the front line, constantly patching the organization's software and operating systems. But to what end?

The third quarter saw some major developments across the privacy space. In the U.S., we saw a federal bill for comprehensive privacy achieve more than ever before, children’s privacy proved to remain a top concern, and the Federal Trade Commission formally began its heavily criticized “Magnuson-Moss rulemaking” process.