Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Risks are everywhere. Online, in real life. Digital transformation and the rapid integration of cloud-based technologies has been met with an unprecedented increase in cybersecurity risks. In most cases, standard cybersecurity best practices and a strong mechanism for Identity and Access Management will take care of most exploits, vulnerabilities and human errors that lead to a data leak.

There are five levels that make up the Cybersecurity Maturity Model Certification (CMMC) framework. These levels range from Level 1 (Basic Cyber Hygiene) to Level 5 (Advanced/Progressive). With each level of cybersecurity certification, the requirements of the previous level are built upon and new controls and practices are introduced.

Juice jacking is a security exploit in which devices are compromised when plugged into an infected USB charging station, port or use an infected charging cable. This type of security exploit takes advantage of the fact that many people need to charge their devices, especially when traveling, and use the provided USB cables to do so. Apart from charging devices, USB cables are also used to sync data which is how attackers are able to take advantage and extract data from devices.

Acropalypse (CVE-2023-21036) is a vulnerability caused by image editing tools failing to truncate images when editing has made them smaller, most often seen when images are cropped. This leaves remnants of the cropped contents written in the file after the image has finished. The remnants (written in a ‘trailer’ after the end-of-image marker) are ignored by most software when reading the image, but can be used to partially reconstruct the original image by an attacker.

Job scams are a rising form of socially engineered cybercrime. And while it’s easy to imagine the trouble they cause individuals who innocently fall for them (lost opportunities, identity theft, financial loss, and so on) this form of fraud also affects businesses.

Australia officially launched their National Anti-Scam Centre this week. With more than AUD $3.1 billion lost each year, Australians need support. With representatives from the banks, telecommunications industries and digital platforms, the intent of the center is to identify methods to disrupt all kinds of scams and reduce scam losses. While I completely support this initiative, it would be remiss of me not to highlight that the prevention of scams is perhaps as important as the cure.

The MITRE ATT&CKⓇ framework holds immense value in the realm of cybersecurity. With its comprehensive and structured approach, it serves as a powerful tool for understanding and countering complex, multi-vector cyber threats.

Enhance your portal's capabilities with backend plugins and unlock custom functionalities in the second part of our Backstage tour. Step-by-step instructions provided!

Decree No. 2009-834 established ANSSI (Agence nationale de la sécurité des systèmes d’information) as the National Cybersecurity Agency of France in 2009. In 2013, Article 22 of the Military Programming Law defined ANSSI’s functions and responsibilities, giving the agency regulatory and enforcement powers. Further, ANSSI is France’s primary point of contact with the larger European Union (EU) Network and Information Systems (NIS) Directive, with Decree No.

In the realm of data security, there exists a captivating technique known as whitespace steganography. Unlike traditional methods of encryption, whitespace steganography allows for the hiding of sensitive information within whitespace characters, such as spaces, tabs, and line breaks.