Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CMMC Level 3 readiness

Defense contractors across the U.S. are moving to update their cybersecurity programs to meet or exceed Cybersecurity Maturity Model Certification (CMMC) requirements launched in 2020 by the Department of Defense (DoD) to provide greater protection of Controlled Unclassified Information (CUI). The effort required for CMMC Level 3 Certification will be significant for many of the small to midsized firms who have limited information technology and cybersecurity personnel and resources.

Nuts and bolts of MITRE ATT&CK framework

To thrive in today’s cybersecurity landscape, learning the art of defence is essential, and layering this approach with MITRE ATT&CK framework techniques has become a necessity. It means your organization needs to have a cybersecurity team to ensure that every aspect of your infrastructure is secured through processes, technical controls, and people.

Detect and prevent dependency confusion attacks on npm to maintain supply chain security

On February 9, 2021, Alex Birsan disclosed his aptly named security research, dependency confusion. In his disclosure, he describes how a novel supply chain attack, which exploits misconfiguration by developers as well as design flaws in numerous package managers in the open source language-based software ecosystems, allowed him to gain access to and exfiltrate data from companies such as Yelp, Tesla, Apple, Microsoft, and others.

How ethical hacker Frans Rosén deleted your Apple Shortcuts via CloudKit

SHORT SUMMARY: STOCKHOLM, SWEDEN – In February 2021, Detectify co-founder and Crowdsource hacker Frans Rosén was looking for security bugs in Apple services. Noticing that many of Apple’s own apps store their data in public databases on Apple’s data storage framework CloudKit, Frans was curious to know if any specific apps’ data could be modified with access to the public CloudKit containers in which their data was stored. Long story short, they could.

How to increase & justify your cybersecurity budget

Cybersecurity is a business issue, not just a technology issue, and it is no longer deemed a luxury investment but rather a necessary one. It’s been a long time coming, but companies are finally coming to terms with the seriousness of cyber threats. Cyber attacks are growing in complexity, and their unpredictable nature, stimulated by the evolution of technology, has prompted companies to significantly boost their cybersecurity budgets.

Microsoft Office Document Triggering New Zero-Day

A new zero-day vulnerability (CVE-2021-40444) affecting multiple versions of Windows has recently been discovered and disclosed by Microsoft. According to Microsoft’s Security Update Guide, the MSHTML component can be exploited by an attacker through a custom ActiveX control, allowing remote code execution.

Where Should We Draw the Cyber Blue Line?

What are the limits of online privacy and law enforcement? Can we clearly define them, or is this a vague and blurred area of debate? The fact is that as technology advances, the real and the virtual worlds are increasingly converging. Actions (or inactions) in cyberspace introduce risks and threats for people, especially the most vulnerable ones, i.e. children and elders.

Collaborate Seamlessly with Egnyte and Google Workspace

Today’s organizations utilize a multitude of solutions to create, share and manage their sensitive content. That business reality is exacerbated by additional cloud file storage solutions that result from acquisitions, competing employee preferences, or shadow IT initiatives. So, it’s no surprise IT teams struggle to manage and control document and file system sprawl.

The Essential Guide to Content Moderation

According to a recent CNBC report, Google has seen a rise in posts flagged for racism or abuse on its message boards. This has caused the company to ask its employees to take a more active role in moderating internal message boards. That’s one way to handle content moderation. But, it also takes an employee’s time and attention away from higher-value tasks. Many companies address instances of internal harassment through training and stronger HR policies.