When we think about cyberattacks and malicious hackers, we often think in terms of our own personal lives and our own organizations. In my experience in cybersecurity, I often hear people say “Why would hackers target me? We are too small” or “I’ve nev…Read More Critical National Infrastructure (CNI) Attacks on the Rise: Are We Ready?
I was recently tasked with reverse engineering (RE) some mobile apps. The actual task was to “learn” to RE – I don’t actually know how to do it, so it’s a good thing it’s more of a learning experience than an actual security job. And the task wasn’t re…Read More Learning All About Ghidra – Inside a Class with Craig Young
In today’s world with cyber attacks hitting the headlines daily, cybersecurity is at the forefront of many business owners’ minds, but implementing the right solutions and knowing what to do to reduce your risk is a big challenge for decision makers in…Read More The Importance of Cybersecurity Standards and Certifications for SMBs
“Say ‘Ta,’” said Mamma Bear. “Ta,” said Baby Bear. He then dropped the mug of blackcurrant juice by accident. “What have you done?” exclaimed Daddy Bear. “The carpet is RUINED!!” Baby Bear felt a great se…Read More Shame and Cybersecurity: Creating a Safe Space in Your Organization
The General Data Protection Regulation (GDPR) Act is a broad set of data privacy rules that define how an organization must handle and protect the personal data of citizens of the European Union (EU). The Regulation also outlines the way that orga…Read More How to Report a Data Breach per GDPR
In 2021, there are two words that can send a cold chill down the spine of any cybersecurity professional and business leader: phishing and ransomware. Research carried out by the data analytics and training company CybSafe identified that 22% of all c…Read More The Digital Pandemic – Ransomware
Cybersecurity has become a critical concern in every business sector nowadays due to organizations’ growing dependency on technologies. Research by Immersive Lab reported that in 2019 there were more than 20,000 new vulnerabilities. Not only that, Tech…Read More Everything You Need to Know about Cyber Crisis Tabletop Exercises
Talk to cybersecurity experts about cybercrime on their network, and they will mention malicious activity like scans, attacks, events, and incidents. Probably at some point, they will slip into geek-speak with a vast array of confusing acronyms and jar…Read More My “Cybercrime” Isn’t Your “Cybercrime”
The Internet of Things (IoT) includes items such as smart appliances, smartwatches, and medical sensors. For organizations to enjoy all of the benefits and convenience of IoT devices, enterprise customers must fully understand the potential risks…Read More IoT Devices Built to Meet Cybersecurity Needs
Cloud technology is a powerful tool with unmeasurable potential. Across the globe, companies are harnessing the cloud to propel their business solutions. However, there are always some companies that cannot entirely shift their solutions to the cloud. …Read More Factors You Should Consider for an Optimal Hybrid Cloud Strategy
Organizations are under tremendous pressure to deliver innovative products and stick to tight release timelines. To keep up with the rapid release schedule, engineering teams are adopting the DevOps model for its increased efficiency and agility. It ha…Read More Overcome the Security and Compliance Challenges in DevSecOps
Cybercrime is one of the most significant threats facing companies today. With the average cost of a data breach reaching an all-time high of $4.24 million, the business case for cybersecurity has never been stronger. Still, some businesses seem to mis…Read More Failing to Meet Cybersecurity Standards Can Have Legal Consequences for Companies
Threat modeling is increasing in importance as a way to plan security in advance. Instead of merely reacting to threats and incidents, an organization can identify and evaluate its security posture, relevant threats, and gaps in defenses that may allow…Read More Using Threat Modeling to Boost Your Incident Response Strategy
During a recent client engagement, the DGC (DiCicco, Gulman & Company) penetration testing team identified a previously unknown vulnerability affecting the Autodesk Licensing Service, a software component bundled with nearly all licensed Autodesk p…Read More IT Risk Team Discovers Previously Unknown Vulnerability in Autodesk Software During Client Penetration Test
For a while, privacy in Q2 was looking like it would follow the season’s idiomatic rule: in like a lion, out like a lamb. But it came roaring back in June with a new U.S. state law, EU adequacy decisions, a new EU data transfer mechanism, and more. As …Read More Privacy in Q2: In Like a Lion, Out Like a … Lion
Today’s enterprise operations involve the coordination of several different digital ecosystems but none quite so inflamed as the cybersecurity ecosystem. Technology has been evolving at a rapid pace, and attackers are armed with advanced tactics to ste…Read More How Did the Cybersecurity Ecosystem Get So Clogged Up?
As businesses emerge from the pandemic, many are making strategic decisions about their long-term work arrangements. While there is a substantial debate about remaining remote or bringing people back to the office, many companies are choosing to meet i…Read More How to Secure Hybrid Teams Against Insider Threats
In 2019, the hospitality industry suffered 13 percent of all data breaches, ranking third highest among targeted industries. It was two years later when NIST released SP 1800-27: Securing Property Management Systems to help hoteliers secure their Prope…Read More What Is NIST SP 1800-27: Securing Property Management Systems?
For most internet users, there’s not much of a perceivable difference between the domain name they want to visit and the server that the domain queries. That’s because the Domain Name System (DNS) protocol does a good job of seamlessly rout…Read More NAME:WRECK DNS Bugs: What You Need to Know
Now that the ongoing worldwide trend toward “going digital” has been accelerated by COVID-19, taking extra precautions to protect your organization’s data, communications and information assets is more important than ever. Of course, there are many tra…Read More Creating Cloud Security Policies that Work
In December 2020, the world discovered that SolarWinds’ Orion Platform had been compromised by cybercriminals, potentially affecting thousands of businesses the world over. Security groups such as the National Cyber Security Centre (NCSC) pro…Read More The Winds of Change – What SolarWinds Teaches Us
As expected, the start of 2021 has seen unprecedented movement in the U.S. with 22 states introducing comprehensive privacy legislation and even more introducing specific-use legislation. To date, hundreds of privacy bills were introduced across the st…Read More A quick round up of privacy highlights for Q1 of 2021
According to Risk Based Security’s 2020 Q3 report, around 36 billion records were compromised between January and September 2020. While this result is quite staggering, it also sends a clear message of the need for effective database security measures….Read More 10 Database Security Best Practices You Should Know
It’s an unfortunate fact that cybersecurity is rarely the foremost of concerns among small- to medium-sized businesses. However, investing in cybersecurity is becoming even more important as these organizations undergo digital transformation. It may se…Read More Are Your IT Infrastructures Up to Date with the Cybersecurity Compliance Laws in 2021?
Increased uptime? Check. Better access to outside expertise? Check. Improved first-time-fix rate? Check. These are just some of the benefits of industrial remote access. Yet many customers are reluctant to embrace remote access. Not only that, but inci…Read More Industrial Remote Access: Why It’s Not Something to Fear
Note: The attack procedure built in this post will not work for every macOS operating system or in every scenario. There are many factors that can block scripts from running at boot time, and you should always test against your target operating system….Read More Coming to Life: A Detailed Tutorial on Building Your First ATT&CK Procedure
When I was a software developer, I never joined any dev communities. I didn’t see the point. I also worked evenings as a professional musician and mostly spent time within the music community and sports groups I was a part of. I spent time with my dev …Read More How Joining a Professional Community Can Supercharge Your Career and More
Social media is no stranger to scams. However, recent trends show scammers have started to show more aggression toward businesses since the beginning of the pandemic. Being able to recognize these scams can help you prevent injury to your business. Soc…Read More Scams Starting on Social Media and Targeting Your Business
It is the Tuesday morning after a long weekend. You come into work early to get caught up on emails only to find you are completely locked out. You have been hit by a ransomware attack. You ask yourself, “What happened? And how do I fix it?” This post …Read More REvil, Ryuk and Tycoon Ransomware: How They Work and How to Defend Against Them
Cyber attacks that lead to data breaches are becoming increasingly common in all industries, but there are certain types of businesses that are more vulnerable than others. The hospitality industry in particular is one of the most likely industries to …Read More Malicious Actors Reserving Their Cyber Attacks for the Hospitality Industry
Data Privacy Day (DPD) is January 28. Sounds exciting, right? I’m sure you’ve got the pinata stuffed and the presents on the way. What is DPD about? It’s all about me! We generally don’t like to use this phrase. It’s consi…Read More What Data Privacy Day 2021 Means for Individuals
Is your system 100% ready to face the severest cyber-attack and mitigate the risk of a possible data breach? If you are unsure about your cyber-safety structure, then it’s time to upgrade it. Otherwise, you could be at risk of lengthy legal battles tha…Read More A Look at the Legal Consequence of a Cyber Attack