Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

The CA Consumer Privacy Act | What Businesses Need to Know

This summer, California passed groundbreaking privacy rights legislation through the California Consumer Privacy Act. The law takes effect January 1, 2020 but companies need to have data tracking systems in place by the beginning of 2019. Even if your business is not located in California, you may be liable - so here’s everything you need to know to get your data security compliant.

VLAN Hopping and Mitigation

A VLAN is used to share the physical network while creating virtual segmentations to divide specific groups. For example, a host on VLAN 1 is separated from any host on VLAN 2. Any packets sent between VLANs must go through a router or other layer 3 devices. Security is one of the many reasons network administrators configure VLANs. However, with an exploit known as 'VLAN Hopping', an attacker is able to bypass these security implementations.

Compliance is not security

The recent hack on British Airways is alarming to say the least, and it’s not just because roughly 380,000 payment cards were compromised. British Airways is a huge company earning millions each year. These sorts of companies are heavily regulated and are required to be Level 1 PCI complaint (the highest level of compliance).

Weekly Cyber Security News 07/09/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. A pretty energetic week for a change. Varied and unexpected breaches as is the norm, though a few new items of note. The first is a little worrying, and really hopefully (at least for the public) won’t set a precedent: Penalising those that can’t make use of good password best practice.

Information Leakage of Threat Intelligence, Incident & Status Data

Information leakage of threat intelligence, incident data, and status data can have several legal consequences for organizations. Information leakage can occur due to the misconduct of disgruntled employees or results in by virtue of a nefarious cyber-attack. The underlying sections will take a deep dive into two different scenarios—namely, The Trauma of IP Address Leakage and The Menace of Product Vulnerability Leakage.

Introduction to Threat Intelligence and Types

The phrase Threat Intelligence has slowly gained significance in the information security community and their discussions. With the decision makers considering it as a high priority requirement, vendors have launched an array of products which are indeed confusing for an executive with the managerial background. This is an introductory post in our series of detailed discussion on threat intelligence.

How Trade Secrets Can Be Abused By An Attacker After A Data Breach

Even as public awareness of data breaches grows, the popular conception of what information is sensitive, and how sensitive it is, lags behind the threats that individuals, businesses, and governments face today. The classic model for a data breach is individuals’ login credentials for banking or private identity information like their social security numbers, but there is equal– and in many cases far greater– value in information with less obvious potential for abuse.