Penetration testing is a booming market due to the unquenchable and growing need for continuous testing of security that is deployed for various assets like web applications, networks, mobile applications, and cloud environments.

CREST or Council of Registered Ethical Security Testers is a non-profit membership body that was established in 2006 as a response to the need for more regulated, standardized cybersecurity services.

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a comprehensive knowledge base of tactics, techniques and procedures that adversaries use to conduct cyber-attacks. The MITRE ATT&CK framework is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

In what may be the largest Twitter data breach attack to date, the personal data of over 400 million users was stolen from the social media giant’s grasp and put up for sale on the dark net on the day after Christmas. This attack couldn’t have happened at a worse time for the company, as the Irish Data Protection Commission (DPC) has announced an investigation into an earlier Twitter data leak in November 2022 that had affected over 5.4 million users.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Apple is typically known for its minimal design, user-friendly UI, and hardware. But, the success of their products, especially iPhones, has long relied upon timely cybersecurity updates and their effectiveness.

A person’s most valuable and often utilised asset is their identity. Identity verification is used to demonstrate that the person’s identity matches what they say it is. It determines whether a person is actually hiding behind the persona he presents.

Happy New Year! A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. It would be nice to say, a new year, new approaches and everything is safer, but it seems things have slid over from last year with a bunch of data breaches.

To cope with increasingly costly pay-outs, providers are redefining the terms of cyber insurance to reduce their exposure. The implications could spell myriad changes for the cyber security industry. Whatever the outcome, it’s time for organisations to re-evaluate whether their policy will cover them against the attacks they are most susceptible to.

IT leaders count on Human Resource (HR) departments to be partners in promoting an organizational culture that values security. From setting device usage policies on an employee’s first day to facilitating security training and awareness, HR has an important role to play in the adoption of IT policies. In their day-to-day roles, HR is critical to security in its own right.