Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Blogs

Virtual CISO Services: A Smart Solution for Modern Businesses

In today's dynamic cybersecurity landscape, businesses of all sizes face significant challenges in safeguarding their data and systems from cyber threats. As the need for robust cybersecurity measures grows, many organizations are turning to Virtual CISO (vCISO) services as a cost-effective and flexible solution to enhance their security posture. A Virtual CISO is an outsourced cybersecurity professional or team that provides the expertise and guidance of a Chief Information Security Officer (CISO) on a part-time or contract basis.

Announcing four new administrator controls for 1Password Business

Balancing robust security with user-friendly access is no small feat. As security professionals, you’ve shared the challenges you face—managing security across a diverse workforce, visibility into security issues, streamlining onboarding and offboarding processes, and ensuring compliance with regulatory requirements. And we’ve listened.

The Invisible Risk of Mobile Apps: PWA Fraud and How to Prevent It

Almost a decade after their emergence, Progressive Web Apps (PWAs) finally went mainstream in 2024. Their MO? To compete with, and in some cases replace native apps. To do this, PWAs promise to combine the best features of web and native mobile apps, delivering seamless, reliable, and engaging experiences across all devices and platforms. Cross-platform compatibility, direct distribution, cost and maintenance advantages – it all sounds very alluring.

Enhancing CISO-Board communication: Three key questions for the CISO to answer

A challenging dynamic exists between the CISO and the Board of Directors. While both stakeholders focus on risk management, their approaches to risk and the language they use are notably different. Though regulations like the NIS2 directive and SEC cybersecurity disclosure rules have given CISOs a bigger seat at the table, the legal requirements and operational prioritization to meet them have exposed a difference in perspective and understanding between the two roles.

Zero Trust + AI: fewer alerts, guaranteed security

Excessive cybersecurity alerts are not a trivial matter; they pose a real challenge that directly impacts business security strategies. Too many notifications generate stress on IT teams, which are increasingly being reduced in size while facing a heavier burden of tasks. This situation can lead to urgent alerts being overlooked, putting system security at risk.

Emerging Security Issue: SonicWall SSLVPN (CVE-2024-40766)

CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw. Its primary danger comes from the potential for providing unauthorized network access, both allowing attackers unfettered access to critical resources and, in some cases, giving attackers the ability to crash the firewall.

Crimson Palace APT: How China's Tag-Team Cyber Espionage Units Are Targeting Asian Governments

Advanced Persistent Threat (APT) groups have long been key players in global cyber espionage, and in 2024, a Chinese-linked threat cluster known as "Crimson Palace" continues to demonstrate its effectiveness. This collective of three distinct APT units has managed to breach multiple organizations across Asia, including a prominent government agency in Southeast Asia, proving their ability to evade detection and extract sensitive information.