The nation’s capital—Washington, D.C., hosts over 700k+ individuals along the shared border of Maryland and Virginia; within Columbia, an estimated 86.9% of inhabitants can actively vote. The D.C. Board of Elections (DCBOE) is an autonomous group overseeing elections in the area. They manage the voter registration process and manage ballot access for the public. However, D.C. residents are under threat following a recent data breach.

All web traffic flowing out of your company network should be passing through a web proxy. These proxy logs are a great resource for threat hunting and security investigations, yet they often translate into extremely large volumes of data.

The factors that pose risks to companies are constantly changing. Clinging to a single defense strategy can be counterproductive, as this strategy can quickly become outdated and ineffective. As a managed service provider (MSP), you may have found that your customers are unwilling to consider new cybersecurity tools unless there is a problem, or they aren’t satisfied with their existing solution.

In the dynamic realm of governmental regulations, the Digital Operational Resilience Act (DORA) in the EU emerges as a game-changer. Slated for a detailed rollout by early 2024, the buzz surrounding DORA has resonated within the information and communication technology (ICT) and financial sectors for quite some time, and its distinction lies in its holistic and authoritative approach. DORA is heralded as the high-water mark for cybersecurity regulations tailored for the financial arena. Its mission?

The Open Web Application Security Project (OWASP) has published the latest edition of its API Security Top Ten, which was first published in 2019. The Top Ten is a significant daughter list of the OWASP Top Ten, which is one of the most definitive lists of the most severe web application risks. Why is this important? What are its main findings? And what does this mean for application security?

As attackers evolve their toolsets and processes, the significant drop in dwell time signifies a much higher risk to organizations that now have less time to detect and respond to initial attacks. This is bad news. Two years ago, the median dwell time – the time between gaining access to a network and executing the ransomware – was 5.5 days. Last year it was 4.5 days.

The massive uptick in business email compromise (BEC) is considered one of the costliest attack types, requiring organizations to put employees on notice to stay vigilant. The latest research from the FBI puts the average cost of BEC attacks at around $125,000. What makes them so dangerous is that they largely rely on text-only emails using social engineering to trick those with finance responsibilities into parting with the money they control.

In 2022, a German security researcher disclosed that he had gained remote control of over 25 electric vehicles. In doing so, he was able to access numerous onboard features of these vehicles such as querying the vehicle location, disabling security features, unlocking doors, and starting the engine. The security flaw that allowed this break was not with the vehicle’s system itself, but presented by an open source companion application.