Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We often think of advanced persistent threats or APTs as threats primarily targeting governments for cyber espionage, but they could have just as much impact on the private sector. Oftentimes, both the techniques and the tooling used overlap between APTs and financially-motivated cybercriminals, and some APT groups themselves have taken to moonlighting as cybercriminals for profit.

On July 18th, 2023, Citrix disclosed a critical authentication bypass vulnerability affecting several versions of Citrix ADC and Citrix Gateway (CVE-2023-3519). The vulnerability was identified by independent security researchers, and was responsibly disclosed to Citrix. This vulnerability could allow a threat actor to execute arbitrary code on affected appliances and may also serve as an initial access vector for ransomware and other types of malicious campaigns.

1Password’s summer of passkey announcements continues!

As business operations evolve, the challenge of securely moving data within the cloud is one of elevated concern. Transferring sensitive information to it is another. Many are caught between what worked in on-prem technologies and what is needed in cloud-based architectures. Others have sidestepped the security challenges by implementing a Managed File Transfer (MFT) solution.

Not too long ago, I watched an automobile commercial on television in which the manufacturer placed a huge emphasis on integrity, going on to define the lines of the automobile. I was impressed by this advertisement, so much so that I started looking at all vehicles in a new way.

USB-based malware attacks spike during the first half of 2023, ransomware payments skyrocket, and Big Head ransomware accelerates.

I read with some surprise the interview with Zscaler’s CEO, Jay Chaudry, in CRN where he stated that the “network firewalls will go the way of the mainframe,” that “the network is just plumbing” and that Zscaler proxy overlay architecture will replace it with its “application switchboard.” Well, our joint history in network security teaches us a very different lesson. This is my take.

Shifts in the threat landscape have caused cyber insurance providers to rethink how they offer and price their coverage. The result has been stricter underwriting requirements, more exclusions within coverage, and a dramatic increase in premiums. Tougher underwriting requirements have also put pressure on security and risk leaders to more thoroughly validate their security controls as enterprises are applying for, or renewing, their coverage.

I hear a lot of people compare securing their IT networks to how they would secure a house. But when most people turn the lock on their front door at night, they feel safe enough to go to bed and sleep peacefully.

In a significant stride towards strengthening cybersecurity practices and protecting the nation’s digital future, the White House has issued a formal National Cybersecurity Implementation Plan, and named the 5 pillars that it believes are critical to successfully implementing its cybersecurity strategy.