In Part 3, CrowdStrike’s Endpoint Protection Content Research Team covered the finer points of Input/Output Control (IOCTL) usage by various wipers. The fourth and final part of the wiper series covers some of the rarely used “helper” techniques implemented by wipers, which achieve secondary goals or facilitate a smaller portion of the wiping process.

It’s that time of year again: October is Cybersecurity Awareness Month. At the very least, it serves as an annual reminder to check your security posture, both at work and at home. But I figured that it also might be a good time to take a closer look at more specific topics over the course of the month. I will do my best to stay out of the weeds, but this is important for all of us to be aware of.

Surveillance is becoming an increasingly standard component of modern life, posing a threat to the idea that people have a right to privacy. In many situations, we unwittingly provide companies with information about our preferences, routines, and interests. In this age of digital era, you must not rely on evolving surveillance regulations and vendors to keep your personal information and security intact.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. A truly bizarre attack target. Could it have been a prelude to compromise/blackmail or were they practicing for another target? Curious…

In a world where software is ruling everything (well, almost everything), ensuring it is safe and tamper-proof becomes quite crucial. More so if you deal with software manufacturing and development. So are you in the software or application development business? If yes, you must know about all the safety-related concerns people have while using any application. To make sure your end-users are safe from any third party, it is important to sign all your codes digitally.

WebAuthn technology is pivotal to passwordless authentication. When implemented correctly, the specification makes it simple and secure to sign in to accounts without entering a traditional password.

Online safety is second nature for some — but it’s not easy for everyone to stay up to date with the latest security advice. Whether you use the internet to stay in touch with friends and family, play games, or meet new people, everyone needs to know how to stay safe online. October is Cybersecurity Awareness Month — so there’s no better time to brush up on online safety.

Schools and non-profits share the same problem when it comes to cybersecurity budgeting: limited resources which forces a choice between staff with the right expertise and effective tools that work for the organisation.

Previously published blog post: Recently, Arctic Wolf observed threat actors begin exploiting CVE-2022-40684, a critical remote authentication bypass vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager.

If you’re like me, you really appreciate a test automation step as part of your pull request (PR) CI for that added confidence before merging code. I want to show you how to add Playwright tests to your PRs and how to tie it all together with a GitHub Actions CI workflow.