Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On November 8th, 2022, Citrix disclosed a critical authentication bypass (CVE-2022-27510), a remote desktop takeover (CVE-2022-27513), and a user login brute force protection functionality bypass (CVE-2022-27516) vulnerability affecting several versions of Citrix ADC and Citrix Gateway. This bulletin only applies to customer-managed Citrix ADC and Citrix Gateway appliances as Citrix-managed cloud services are not affected. A threat actor could leverage these vulnerabilities in specific circumstances.

On November 8, 2022, Microsoft published their November 2022 Security Update and patched six actively exploited vulnerabilities. The vulnerabilities impact Windows and Exchange Server.

Cybersecurity, like broader technological disciplines, is an ever-changing landscape that industry professionals must adapt to. The zero-trust model of cybersecurity has grown recently as organizations update their security practices to keep pace with, and stay ahead of evolving threats. Zero Trust Network Access (ZTNA) increased by 230% from 2019 to 2020, and more than 80% of C-suite leaders cite zero-trust as a priority for their enterprises.

Scenario-Based Security Awareness Training Teaches Users to Make Better Decisions – Proofpoint Essentials Security Awareness Training. What is GDPR Awareness Training? Since 2018, companies and organisations have had to comply with The General Data Protection Regulation (GDPR), a European data privacy regulation and EU law that was made to give individuals more control over how their data is collected, used, and safeguarded online. Failure to comply with this EU law can result in hefty fines.

Jason Chan, a key member of the Torq Advisory Board, has spent more than 20 years working in pivotal cybersecurity roles. One of his most important positions was leading the information security organization at the video streaming behemoth Netflix for more than a decade. His Netflix team set the bar extraordinarily high, focusing on sophisticated risk assessment and management, and compliance management strategies and approaches.

A denial of service attack is a type of network attack in which an attacker makes the system, machine, or network unavailable to the intended users. There are various types of DOS attacks, like, for instance, a user is trying to reach a webpage but the page redirects the user to another URL or even the user can’t reach its destination i.e. access is blocked. In this article we will discuss.

The Cross-Sector Cybersecurity Performance Goals (CPGs) are a new baseline released jointly by CISA, NIST, and the interagency community, with a goal of providing consistency across all critical infrastructure. The primary webpage for these goals gives us a great understanding of what they are (and are not). It is worth delving into those specifics to understand where the CPGs apply, and how they are intended to be used.

Consider this situation: A man talks on the phone with a known bank robber. He then rents a building next to a bank. Next, he buys duct tape and ski masks. Any one of these actions could be a red flag alerting police to a potential robbery. But together, they tell a more complete story of a crime in the making. Similarly, in cybersecurity, any single suspicious activity is worth investigating.

As cyber threats become increasingly advanced and complex, organizations are forced to adopt a military attitude of ‘war footing’ to secure their systems and servers. Although the use of new technologies has increased to manage complex workloads and operations, the vulnerability of data stored on devices continues to be a worry. Accenture research revealed that cyberattacks have soared by a shocking 125% yearly.

As the number of IoT devices grows, predicted “to reach 27 billion or more by 2025 (IDC, IoT Analytics)”, so does the need for IoT device management companies and security solutions. While there are many benefits to the IoT, there are also security risks that come along with it. Gartner estimates that “75% of security failures will result from inadequate management of identities, access, and privileges” by 2023.