In order to observe best practices, and to meet with technical and other requirements, organizations often use frameworks for cybersecurity compliance and regulatory compliance. These frameworks provide best practices and guidelines to assist in improving security, optimizing business processes, meeting regulatory requirements, and performing other tasks necessary to achieve specific business objectives such as breaking into a particular market niche … Read More
Social Engineering Attacks – How to Avoid Becoming a Victim
Cyber-attacks have increased in sophistication – not only in the technology and resources available to hackers but also with the evolution of techniques like social engineering. Just as a galvanized steel chain is only as strong as its weakest link, the security of your business is only as good as its most vulnerable elements. And for the majority of businesses, … Read More
Web Cache Poisoning – How Hackers Are Weaponizing Web Caches
In a recently discovered (but yet to be fully publicized) attack, security researcher James Kettle has apparently succeeded in cache poisoning, the hacking and weaponizing of the web caches of several major websites and online platforms. The victims include online stores, a software product, a video game, a popular cloud platform provider, a hosting platform provider, an investment company’s investor … Read More
Leaked Credentials – An Insidious Problem for the Enterprise
Though data breaches have the potential to expose corporate secrets, finances, and intellectual property to prying eyes, a more insidious problem for the enterprise is the issue of leaked credentials. Email and network usernames, passwords, and related information may also form a major part of the corporate data leakage that follows a serious breach. And since these identifiers may be … Read More
Employee Security Awareness Training – Management Side
As many organizations have learned to their regret, a policy for cybersecurity – however comprehensive, proactive, and technologically sound it may be – is doomed to failure if its terms aren’t adhered to by stakeholders of the enterprise, across the board. This emphasizes the need both for eliciting buy-in to the concept and culture of security awareness, and for management … Read More
Microsoft Implementing JavaScript In Excel: What Are The Potential Threats?
Since its arrival on the computing scene in 1995, JavaScript has emerged as a “consumer level” programming language capable of powering common website features like multimedia modules and form submissions. And given its long history, JavaScript code snippets are currently available across the internet, in a number of freely accessible libraries and resource bases. It provides convenient automation – for … Read More
What is WireGuard? A Closer Look at a New VPN Technology
A new VPN (Virtual Private Network) technology called WireGuard that’s being billed as perhaps “the most secure, easiest to use, and simplest VPN solution in the industry” is currently gaining traction. It’s especially popular among application developers working for companies that are looking to build their backend infrastructure (administration, archives, and other non-customer facing business units or applications) on the … Read More
The Benefits of Real-Time Cyber Threat Intelligence
To protect their personnel, assets, and sensitive information from being compromised, hijacked, or stolen by malicious actors, organizations are often advised to adopt security best practices, and to deploy the latest in secure technologies. But these things can’t be pulled out of thin air, or identified and adopted without knowledge of what they are, how they should be used, and … Read More
What is Domain Fronting?
A little-known software feature called domain fronting has become the central issue in a worldwide dilemma now facing internet users wishing to gain access to websites and online resources that their governments have deemed off-limits. Censorship of internet access and content has been very much in the news in recent months, as the global debate over data rights and privacy … Read More
Best Practices to Prevent DLL Hijacking
Though we routinely use computer programs to perform our daily tasks, few of us actually know or tend to consider the implications of how this software is constructed, and any weaknesses it might be vulnerable to before it starts its work. But hackers and the malicious tools employed by cyber-criminals don’t only target applications once they’re up and running. It’s … Read More