Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

XML External Entities (XXE or XML injection) is #4 in the current OWASP Top Ten Most Critical Web Application Security Risks.

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world, yet few organizations are completely compliant with its statutes. Complacency is dangerous territory. Non-compliant entities could be fined up to £18 million or 4% of annual global turnover (whichever is greater). This post clearly outlines the standards set by the GDPR and provides a checklist to help organizations remain compliant.

Digital attackers are increasingly targeting energy organizations including those that support national electric grids. As reported by Morning Consult, security researchers found that utilities worldwide had suffered a recorded 1,780 distributed denial-of-service (DDoS) attacks between June 15 and August 21, 2020. That’s a 595% year-over-year increase.

Life sciences teams are more decentralized than ever, yet the need for speed persists. Even before the pandemic, the ability to bring together quality, clinical, and regulatory personnel to hit project timelines is what separated successful projects from those that languished. The pandemic added another barrier to an already complex venture.

Having closed brick-and-mortar operations on March 16, 2020 for safety reasons, the nearly overnight shift to a purely e-commerce revenue model brought uncertainty. However, a rapid uptick in online sales provided a sense of relief, albeit short-lived. Our client became concerned when a closer look at the online transactions revealed an unusually large volume of electronic gift card purchases made using their private label credit card.

It’s an unfortunate fact that cybersecurity is rarely the foremost of concerns among small- to medium-sized businesses. However, investing in cybersecurity is becoming even more important as these organizations undergo digital transformation. It may seem like there are more important priorities on which a small business could focus, but putting your company and your customers at risk of a cyberattack can have huge consequences.

As you may be aware, prior to the end of 2020 there was a lot of debate about what would happen to GDPR on 1st January. Given that the trade negotiations went down to the wire, we were all left in the dark until the deal was done on Christmas Eve. But what are the main headlines from this deal and, more importantly, what do they mean for UK businesses?

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24 Further reports on the water poisoning attack last week. It really is disturbing how many breached credentials are out there…

In December, Netskope Threat Labs presented our work, “Cloud as an Attack Vector,” at the 23rd International AVAR Cybersecurity Conference. The Association of Antivirus Asia Researchers (AVAR) is a non-profit organization with members from 17 countries and facilitates knowledge sharing, professional development, networking, and partnering for cybersecurity experts and organizations. Ours was one of 27 presentations from 14 different countries featured at the conference.

Over the past several months, many organizations have had to shift their operations to a fully digital platform. This sudden shift was more challenging for some industries, like government, than other industries, like technology. And aside from having to adapt to fully remote operations, many organizations were also subject to tighter budgets, forcing them to become more efficient.