Cybercrime is one of the most significant threats facing companies today. With the average cost of a data breach reaching an all-time high of $4.24 million, the business case for cybersecurity has never been stronger. Still, some businesses seem to misunderstand the urgency of meeting current cybersecurity standards. It may help to consider the...

During a recent client engagement, the DGC (DiCicco, Gulman & Company) penetration testing team identified a previously unknown vulnerability affecting the Autodesk Licensing Service, a software component bundled with nearly all licensed Autodesk products. The vulnerability exists in a software component common to most Autodesk products and impacts...

For a while, privacy in Q2 was looking like it would follow the season’s idiomatic rule: in like a lion, out like a lamb. But it came roaring back in June with a new U.S. state law, EU adequacy decisions, a new EU data transfer mechanism, and more. As we look back over the second quarter of 2021, several important developments are worth noting. U.S...

In its Interagency Report 7695, the National Institute of Standards and Technology (NIST) defined an application as “a system for collecting, saving, processing, and presenting data by means of a computer.” This broad term covers enterprise applications, consumer applications, and even phone apps. Security is important in all these types of...

People make up an important part of an organization’s security posture. That’s because some employees have the rights necessary for accessing sensitive data as well as the privileges for viewing and/or editing critical systems. If those individuals have the right focus and training, they can play a crucial part in keeping those assets safe against...

Cloud compliance is more important than ever, especially as businesses and organizations continue to engage in remote and digital work practices due to COVID-19. Even before the pandemic, more and more companies were migrating to the cloud. But what exactly is cloud compliance, and what are some best practices you should keep in mind if you’re...

In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effectively. In...

With the regular and much needed update to critical standards such as HIPAA, auditors and compliance experts need to be continuously on their toes to review and acquaint themselves with these new developments. One of the latest such updates is the Health Information Portability and Accountability (HIPAA) Enforcement rule, which has caused quite a...

IT/OT convergence is an oft-repeated term, and maybe it's the wrong term.From a technology standpoint, IT/OT convergence has been occurring since at least the 1990s when HMI/Operator Stations began running on Windows and when Ethernet began displacing deterministic custom LAN protocols in the OT realm. This technology convergence has continued with...

A bipartisan Senate bill would require some businesses to report data breaches to law enforcement within 24 hours or face financial penalties and the loss of government contracts. The legislation from Senate Intelligence Chair and Democratic Senator Mark Warner with Republican Senators Marco Rubio and Susan Collins is just one of several new...

SIEM (pronounced like “sim” from “simulation”), which stands for Security Information and Event Management, was conceived of as primarily a log aggregation device. However, a SIEM’s primary capabilities are to provide threat detection, better enable incident investigation, and speed up your incident response time, while also giving you a unified,...

On May 12th, the President of the USA, Joe Biden, signed an Executive Order (EO) that would bolster the cyber defences of the USA. The EO is intended to protect against “increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.”An EO is a written...

There are many important factors to consider when choosing a cloud provider for your cloud use cases. For organizations in heavily regulated industries, compliance with relevant regulations is one of the most important things to think about. Whether you’re planning for a single cloud workload or a hybrid multi-cloud setup, maintaining compliance for...

When I was younger, and printed newspapers were a more common household purchase, I remember fondly watching my mother play a game called "Spot the Ball." For those of you not familiar with this, it consisted of a photograph of a recent football (soccer) match with the ball removed from the image, and the goal was to place a cross or series of...

Security researchers at AT&T Alien Labs report that a notorious hacking group has been targeting engineers working in the defence industry. In recent months there have been a series of reports of malicious emails that use the disguise of a job offer to target defence contractors in the United States and Europe. Attached to the emails are Word...

Google recently released the new Cloud Security Foundations Guide. We’re going to take apart Google’s guide and show you what’s worth looking into. First, an introduction. “This comprehensive guide helps you build security into your Google Cloud deployments.” - Google What’s going on: Google Cloud Services are out there, being deployed in the...

I was recently asked to host a round table discussion on ‘Governance, Risk and Compliance' (GRC), and I have to admit I was more than a little excited. Why? Because the other people around the table were leading lights in the world of Cybersecurity, Risk and Resilience, and I was looking forward to exploring how a GRC framework can work across...

2021 is a significant year for aviation. It marks the 20th anniversary of the 9/11 attacks, the worst acts of unlawful interference in the history of aviation. It is also the Year of Security Culture for the ICAO community, which aims to enhance security awareness and foster a security culture throughout the industry. The importance of understanding...

Container orchestration platform Kubernetes announced in December 2020 that its third and final release, Kubernetes v1.20, would deprecate dockershim and subsequently Docker as a container runtime. This deprecation has brought multiple changes that admins must be aware of and accordingly respond to. To best understand these changes and how...