Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In terms of unencrypted traffic, several highly used protocols lend themselves to logging and can significantly reduce the burden of packet capture without lowering the fidelity of information or the capabilities of analysts.

Since December 22nd, 2022, there has been an increase in malware sent via Phishing emails via a OneNote attachment. As with most phishing emails, the end user would open the OneNote attachment but unlike Microsoft Word or Microsoft Excel, OneNote does not support macros. This is how threat actors previously launched scripts to install malware.

On July 11th, 2023, Fortinet published a security advisory detailing a remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-33308). This stack-based overflow vulnerability affects proxy policies and/or firewall policies with proxy mode and SSL deep packet inspection enabled. This CVE was discovered and responsibly disclosed to Fortinet by security researchers.

We’re delighted to announce that 1Password is now available for download on the Microsoft Store on Windows!

The most famous data breaches–the ones that keep security practitioners up at night–involved the leak of millions of user records. Companies have lost names, addresses, email addresses, Social Security numbers, passwords, and a wealth of other sensitive information. Protecting this data is the highest priority of most security teams, yet many teams still struggle to actually detect these leaks.

Researchers at Check Point outline various forms of tailgating attacks. These attacks can allow threat actors to bypass physical security measures via social engineering. “Tailgating is a common form of social engineering attack,” the researchers write. “Social engineering attacks use trickery, deception, or coercion to induce someone to take actions that are not in the best interests of themselves or the organization.

PoisonGPT works completely normally, until you ask it who the first person to walk on the moon was. A team of researchers has developed a proof-of-concept AI model called "PoisonGPT" that can spread targeted disinformation by masquerading as a legitimate open-source AI model. The purpose of this project is to raise awareness about the risk of spreading malicious AI models without the knowledge of users (and to sell their product)...

Maintaining an accurate overview of an organization's assets can be a challenge for any Chief Information Security Officer (CISO). You are not alone in this.

‍Cybersecurity and Infrastructure Security Agency (CISA) is a branch of the United States Department of Homeland Security (DHS) that is responsible for strengthening cybersecurity and infrastructure protection for critical infrastructure organizations across all levels of government.

On May 11, 2017, President Trump signed Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The intention was to reduce cybersecurity risks to national security by improving federal agencies’ cybersecurity and information technology (IT) systems. The executive order holds the heads of federal agencies accountable for their agencies’ risk management practices.