This past March we posted an analysis of a vulnerability in the Apache HTTP Server mod_sed filter module, CVE-2022-23943, in which a Denial of Service (DoS) can be triggered due to a miscalculation of buffers’ sizes. While analyzing this Apache httpd vulnerability and its patch, we suspected that although the fix resolved the issue, it created a new unwanted behavior. Our suspicion turned out to be true: we discovered that another way to cause a DoS was introduced.

Every year Verizon releases the Data Breach Investigations Report (DBIR), covering some of the biggest trends in data breaches across industries, highlighting the common causes for breaches as well as trendy attack vectors. And every year, when it is released, my inbox is immediately hit with questions from colleagues and customers asking how Netskope can mitigate each of the issues raised. So this year I thought I would share my analysis more widely.

This blog is a part of our new series 5 Strategies for Building Resilience to Financial Crimes and Cyber Attacks in 2022. Access to the right data at the right time is the foundation of an efficient payment fraud prevention strategy. At INETCO, we like to say that not all insights are created equal: if you are missing some key pieces of the puzzle you won’t get a clear picture of the threat landscape.

Online privacy is a state where one can keep their information and activities private from others. Due to the increase in internet usage for various purposes like social media, entertainment, education, and even business, the threat to data privacy has also increased. Above all the other online niches, businesses involve more critical data such as customer data, financial information, intellectual property, business agreements, and employee details.

Four high-severity vulnerabilities have been exposed to the framework used by pre-installed Android system apps with millions of downloads. Fixed by Israeli developer MCE Systems, this issue could allow an attacker to launch remote and local attacks or be used as a vector to exploit extensive system privileges to obtain sensitive information. Here’s what Microsoft 365 Defender Research Team had to say about it.

The National Institute of Standards and Technology is an agency within the U.S. Department of Justice. It was founded in 1901 to support science and technological development. For decades, it has provided guidance on computer security. In 2014, in cooperation with public and private sector experts, the NIST released its cybersecurity framework. The framework combines best practices and industry standards to help organizations deal with cybersecurity risks.

Cyber attacks and data breaches are top of mind for businesses around the world as attacks on vulnerable networks persist. It is now more important than ever to ensure cybersecurity and resilience. But how do these two practices differ? This blog highlights the differences between cybersecurity and cyber resilience and how to secure your business for optimal cyber protection.

While your security staff tends to work the same business hours as everyone else, it often feels like threat actors never take a day off. Because an attack can and will come from any direction at any time, an organization’s cyber readiness is paramount. Your cyber readiness is the level at which you’re able to identify and respond to an attack.

In any organization and in largely any industry, most network analytics are driven by IT. Healthcare providers are no exception. The insights extracted via network analytics offer serious opportunities for operational improvements and added value across departments. There are also significant ancillary benefits from a more cyber-aware and “plugged in” organizational posture — including improved information sharing, collaboration, and security.

Enterprises today want real-time business insights to make decisions that improve operational efficiency and customer engagement and present newer revenue opportunities. However, the promise of the data-driven business falls short due to gaps in data management. These gaps exist because data in the modern enterprise doesn’t exist only behind firewalls and within organizational premises.