[ Introduction On July 10th, Apple released a “Rapid Security Response” to fix a code execution flaw in the Webkit browser component found in iOS, iPadOS, and macOS Ventura. Although this, update was pulled back the subsequent remediation, was released in quick succession on July 12th. In fact, Apple has long held a reputation as a leader in user privacy and security. Their commitment to protecting user data and maintaining robust defense mechanisms against cyber threats has made the tech giant synonymous with trust and reliability in an era of rapid digitization. After the release of their new VR wearable “Vision Pro”, Apple has also promised they won’t share eye focus movement due to security risks, marking another instance where Apple seems dedicated to their user’s security. Admittedly, Apple’s products often carry a premium price tag, reflecting the advanced security and privacy features they offer. Yet, in the increasingly hostile…
Business Management
What is a VPN? A VPN, or Virtual Private Network, is a type of technology that allows a user to securely access a private network and share data remotely through public networks. VPNs use encryption and other security measures to protect the data being transmitted over the network and prevent unauthorized access to the private network. This allows individuals to securely access their organization’s network, access sensitive information. Also, VPNs are used by internet user’s to browse the internet anonymously. This is possible because the commercial VPNs will allow a user to change their source IP address which confounds website’s ability to track them. Additionally, companies can use VPNs to securely connect their internal networks with the networks of their partners or clients, allowing them to securely share data and other resources. This can improve collaboration and communication within and between organizations. What are the different types of VPNs? There…
Why is user awareness training important for IT security? Phishing operations represent 41% of cyber breach incidents according to the IBM X-Force report. Deloitte estimates phishing to be the initial attack vector in 91% of cyber breaches. These estimates put phishing at the forefront of corporate attack surface because they identify phishing as the most successful method used by attackers to compromise a system and gain initial access to a victim’s network. In response, organizations need to increase their resilience against phishing and other types of social engineering attacks. By testing their staff’s ability to effectively identify phishing attempts and malspam and providing educational material, an organization can identify potential weaknesses and reduce the chance that an employee will fall prey to an attack. Of course, secondary cybersecurity measures should be in place to detect and respond to a successful phishing attack, user awareness training is a good practice…
Nessus is an enterprise vulnerability scanner that can perform external and internal credentialed scans and can support a continuous vulnerability management program. Nessus favors ease of use as compared to granular control over scanning which allows quick and efficient scanning configuration. Nessus comes with many pre-configured scans for PCI-DSS, compliance OVAL, and SCAP scanning, and many scans for novel threats such as Solarigate, CISA threat advisories, Log4Shell, Ransomware attacks, and more. Watch the video below to get the full scoop on how Nessus can support enterprise vulnerability management.
What is Snyk? It’s classified as an SCA (software composition analysis) security tool meaning it scans your source code for use of known vulnerabilities in functions, libraries, packages, and can also scan entire docker images, cloud servers, and IaC (Infrastructure as Code) deployments for vulnerabilities. Watch the video below for a summary and demo on how Snyk’s can contribute to your DevSecOps program.
We Have All Heard This Story Before It’s no doubt that ransomware is is the biggest threat in the modern cybersecurity landscape. The highest amount of ransom ever paid by a single company for a single incident is $40 million US dollars. Companies can incur millions more in remediation costs, service downtime, legal settlements, higher insurance premiums, and potentially suffer long-term deleterious effects to their brand reputation. Blockchain research group Chainalysis suggests that nearly $700 million USD in ransomware ransom was paid in 2020. Defenders have all been hearing this story for years, and know how to secure against ransomware right? The most common initial access vector is phishing so staff training sessions educating our staff on how to spot a deceptive url is required to keep the bad guys out. Installing endpoint security products and keeping them updated, and of course keep bulletproof backups right? Well, yes and no….
Let’s talk about a critical intersection in the world of security; the combination of physical security and brand reputation. On January 9th 2022, a woman was killed while pumping gas when a 65 year old man backed up his SUV into the gas pump. The pump exploded into flames. The woman who was standing beside it was burned to death. This is a horrific and tragic situation that should never have happened. The gas station should have installed bollards to protect the physical pumps from being hit by a car. There should be a federal law that all gas pumps are required to have bollards protecting them. However, there is no such law and so instead, when loss of life happens from such a preventable incident we are left to ask whether the franchise owner is partially responsible. Many will rightfully criticize the owner and the brand for allowing such…
IT Security Best Practices are processes and configurations outlined by industry leading standards organizations such as SANS, NIST, and OWASP amongst others. Some examples of best-practices include: keeping software and systems updated, uninstalling all but required applications and services, segmenting critical network resources, and configuring host and network firewalls to first block all traffic, then allow only required traffic by IP and protocol. But are best practices always feasible for an organization? To some, this may seem like a ridiculous question. Most CISO’s would likely rather consider the question the other way around: “Is not having best practices feasible?”, since their jobs depend on the performance of security controls. So why then did John Mandia of Mandiant Security LLC to respond with “it depends” when responding to that question before a US congressional special hearing in response to the SolarWinds malware [1]? Senator Wyden’s question specifically referenced NIST firewall best…
The Recorded Future web-conference today was a great insight into the deep Cyber-Intelligence technology the company has developed and what it offers organizations. On display were both a definitive set of broad trend data combined with deep and granular information on every aspect of the MITRE ATT&CK framework and beyond. Recorded Future’s LinkedIn profile reports the company as having had Series E funding of $25 million dollars, however Crunchbase reports an even higher total investment of over $50 million dollars. A press report on PRNewswire in October 2021 outlines Recorded Future’s recent investment in CVE intelligence company Cyber Threat Cognitive Intelligence (CTCI) and describes the Intelligence Fund; Recorded Future’s investment platform. For anyone as passionate about Cyber-Security, predictive forecasting, and Intelligence as I am, there is a ton to be excited about with Recorded Future’s platform and capabilities. Here’s what I learned from the conference today. Recorded Future aggregates data…
Various patent indicators, such as number of citations, technology-cycle-time (TCT), number of claims, renewal status have been used to measure the value of patents with respect to economic value through competitive advantage a company patent holding company gains by holding legal rights to sale of the described technology. Another use of patent indicators attempts to gain insight into the emerging innovation landscape or “technology lifecycle”. Analysis of knowledge stock demonstrated by a group of patents can forecast potential novel technologies which will hold advantages over existing ones. Forward Citations A patent’s forward citations are references to it received by a later filed patent as opposed to a backward citation which are references listed on a patent grant (or application) itself. The use of forward citations as a positive measure of a patents importance has been reviewed numerous times in academic literature. The more (forward) citations a firm’s patents receive, the…
