Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cybersecurity Offboarding: How to Protect Passwords When Employees Leave

Ending a business relationship with an employee can be daunting, especially if things end on bad terms. Offboarding is critical to ensure that disgruntled former employees do not expose company information. There have been cases in the past where former employees were the cause of massive data breaches. Some data breaches are intentional, like when a former CIA employee was convicted for carrying out the largest data leak in the agency’s history.

Insight Into The Strengthening America Cybersecurity Act

Signed into law in March of 2022, the Strengthening American Cybersecurity Act (SACA) gives federal authorities an overview of all cyber attacks against critical infrastructure in the United States for the very first time. SACA has three parts: SACA comes at a time when governments are facing a significant paradigm shift.

Understanding Cyber Threat Intelligence

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” – Sun Tzu. The above quote by Sun Tzu summarizes cyber threat intelligence (CTI) perfectly.

Overheard at the SANS Security Awareness Summit 2022

People have become the primary attack vector for cyber attackers around the world. As the Verizon Data Breach Investigations Report 2022 indicates, it is humans rather than technology that now represent the greatest risk to organizations. According to the SANS 2022 Security Awareness Report, the top three security risks that security professionals are concerned about are phishing, business email compromise (BEC) and ransomware, all closely related to human behavior.

SOLR vs. Elasticsearch: What's the best search engine for 2022?

While modern businesses depend on data to stay ahead of the competition, data alone isn’t enough. They also need efficient search engines to quickly index and search through millions of records to make sense of the data. Today we’re looking into SOLR and Elasticsearch, the two heavyweights in this domain, to compare their performance differences and use cases.

5 Tips to Stay Ahead of OpenSSL Vulnerabilities

New OpenSSL vulnerabilities are identified regularly by genuine security researchers or come to light as zero-day vulnerabilities when exploited by threat actors. While patching bugs and OpenSSL vulnerabilities is important, organizations cannot simply wait for patches and rely on them alone to protect their websites. They need to be proactive in identifying and securing these vulnerabilities before attackers can find and exploit them.

Uber data breach 2022: How the hacker annoyed his way into the network (and our learnings)

On Sept. 15, Uber Technologies Inc. was breached by an 18-year-old. The hacker purchased an employee’s stolen credentials from the dark web and pushed a flood of multi-factor authentication (MFA) requests and fake IT messages to them in hopes of getting into their account. Irritated by the non-stop pop-ups, the employee caved in and approved the request, unwittingly setting off a cyberattack.

5 Ways Identity Verification can help Airlines to ensure seamless operation and digital transformation

Digitalization is not a new term anymore, and it’s surely never going to fade away as it has etched its space in every sector. The optimistic business transformation it brought compelled almost everyone to incorporate digitalization processes into their business operation. Every industry realized that to proceed with the ongoing business profit and to compete in the market, they must adapt to the latest digital technology.

Explaining the csurf vulnerability: CSRF attacks on all versions

On September 11th, 2022, Snyk published a vulnerability report for the popular CSRF token management csurf npm package. The vulnerability impacts all known versions, which are currently yielding more than 400,000 downloads per week. The vulnerability report is based on the public disclosure by security consultant Adrian Tiron and their write-up on the Fortbridge blog.

Wireless Network Assessment or Wi-Fi Hacking

Wireless network technology is widely used but at the same time, it has many security weaknesses. Several reports have explained weaknesses in the Wired Equivalent Privacy (WEP) & Wi-Fi Protected Setup (WPS) to encrypt wireless data. Before understanding the benefits of Wireless Network Assessment it is necessary to know what it is, why it is needed, how the service works and what you get from the service.