PRIVACY PRIVACY ENCSecurity markets a file encryption system, and it’s used by SanDisk, Sony, Lexar, and probably others. Despite it using AES as its algorithm, it’s implementation is flawed in multiple ways—and breakable. The moral is, as it always is, that implementing cryptography securely is hard. Don’t roll your own anything if you can help…

Read More

PRIVACY PRIVACY Threat actors exhibited “ceaseless creativity” last year when attacking the Achilles heel of every organization—its human capital—according to Proofpoint’s annual The Human Factor 2022 report. The report, released June 2, draws on a multi-trillion datapoint graph created from the company’s deployments to identify the latest attack trends by malicious players. “Last year, attackers…

Read More

PRIVACY PRIVACY In the previous article, we covered the release process and how to secure the parts and components of the process. The deploy and operate processes are where developers, IT, and security meet in a coordinated handoff for sending an application into production. The traditional handoff of an application is siloed where developers send…

Read More

PRIVACY PRIVACY Claims raise troubling ethical and cybersecurity considerations Read More

Read More

PRIVACY PRIVACY One of UK’s largest ever drugs labs has been closed down Read More

Read More

PRIVACY PRIVACY Identity and access management (IAM) embraces a broad swath of IT practice.  This practice is subject to two forces pushing it towards greater prominence: increasing threat actor activity and increasing infrastructure complexity.  In response, we see increasing sophistication of the tools used to deal with both. Web3 technology has unique characteristics that lend…

Read More

PRIVACY PRIVACY Machine learning and artificial intelligence (AI) are becoming a core technology for some threat detection and response tools. The ability to learn on the fly and automatically adapt to changing cyberthreats give security teams an advantage. However, some threat actors are also using machine learning and AI a to scale up their cyberattacks,…

Read More

PRIVACY PRIVACY Trellix finds bugs in OT used for physical access controls Read More

Read More

PRIVACY PRIVACY Cybersecurity experts have raised concerns around the recently announced standards by the Indian Computer Emergency Response Team. 0n 28 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued directives that, among other things, require entities to report cybersecurity incidents to the agency within six hours and maintain IT logs and communications for…

Read More

PRIVACY PRIVACY At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email. In October 2018, prosecutors in the…

Read More