The most recent book that we’ve read over here is Black Hat GraphQL: Attacking Next Generation APIs written by Dolev Farhi and Nick Aleks. The book is described as being for, “anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing.” As someone who works primarily with REST APIs, I was...

Tripwire's February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google. First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These CVEs (CVE-2024-1709, CVE-2024...

The financial services sector faces unprecedented cybersecurity challenges in today's digital age. With the industry being a prime target for cybercriminals, understanding and adhering to cybersecurity regulations has never been more crucial. This article delves into the labyrinth of cybersecurity regulations affecting financial services,...

What is the greatest cyber risk in the world right now? Ransomware? Business Email Compromise? Maybe AI? Well, the last one is pretty close. According to the World Economic Forum, misinformation and disinformation are the most severe global risks of the next two years. In their Global Risks Report 2024, the WEF posited that the post-pandemic world...

Have you ever considered that even before you enjoy the first sip of your favorite morning beverage, you have probably interacted with at least half of the 16 critical infrastructure sectors that keep a nation running? In one way or another, the simple act of brewing a cup of tea would probably not be possible without interacting with water, energy,...

Navigating the information superhighway is like threading your car through traffic on a dangerous rush-hour freeway. The journey is full of perils that can prevent you from getting where you need to go and turn the trip into a bumpy ride. In the same way, we plan for wrecks and try to avoid hazards on the road, businesses can minimize the impact of...

Although attacks on small and medium-sized businesses (SMBs) rarely hit the headlines, they remain a serious threat. Unlike their corporate counterparts, many SMBs lack the tools, skills, and mitigation services they need to combat modern threats. Understanding that forewarned is forearmed, the National Cyber Security Centre (NCSC) recently debuted...

Last year, the Securities and Exchange Commission adopted rules on cybersecurity risk management that focused on transparency. Much of the adopted rules were focused on investors, but the rules also underscored the importance of the impact to customers when cybersecurity incidents occur. The data security landscape has recently shifted to...

Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-21351 This CVE describes a bypass in the Windows SmartScreen Security Feature. At this point, these bypasses...

With all the technology we have today, installing software updates has become a near-daily, full-time activity. Patch management for large-scale enterprise IT systems can be one of the most stressful parts of an IT professional’s job. In today’s large and evolving IT networks where many new services are going online every day and software components...

In the ever-evolving landscape of cybersecurity, businesses and individuals find themselves in a relentless battle against the surge of cybercrime, which continues to escalate in complexity and frequency. Despite the significant investments in cutting-edge cybersecurity solutions, the financial toll of cybercrime persists, with costs escalating...

In recent times, the remarkable advancement of AI has revolutionized our technological landscape. Its profound benefits have not only enhanced the efficiency of our daily operations but also induced transformative shifts across industries. The impact of AI has made our lives more convenient, creating new opportunities in the digital world. Looking...

Technology has recently been evolving at the speed of light. We have seen the onset of increased cyber threats across all industries. Gone are the times when threat actors had a specific goal and target. We now live in an age where robots collect, collate, and save information for a more opportune and profitable day. It is ever more important to...

Kubernetes has emerged as the leading platform for orchestrating containerized applications. However, developers and administrators rely on an ecosystem of tools and platforms that have emerged around Kubernetes. One of these tools is Helm, a package manager that simplifies Kubernetes deployments. However, with the convenience and efficiency Helm...

Tripwire's January 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Apple, Google, and Atlassian. First on the patch priority list are patches for Apple, Google Chromium V8, and Atlassian Confluence Data Center and Server. These CVEs have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. For...

The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion, with a steady Compound Annual Growth Rate (CAGR) expected in the next five years. There is no denying the convenience benefits that the digital...

One of the most important concerns for organizations of all sizes is protection against cyberattacks and other digital threats to security. These dangers can prove a major setback for a company, and many even pose an existential threat. In order to effectively prevent cybersecurity incidents and protect sensitive data and other vital assets,...

In an era where digital transformation dictates the pace of business growth, APIs have become the cornerstone of modern enterprise architecture. APIs are not just technical tools; they are vital assets that drive business processes, enhance customer experiences, and open new avenues for innovation. However, with great power comes great...

2023 saw two concerning attacks on public water systems, highlighting the fragility and risk to utility systems. In Pennsylvania, malicious hackers breached the Municipal Water Authority of Aliquippa system the night after Thanksgiving. The criminals were making a political statement: the technology used to manage water pressure was developed by...

The dynamism of Artificial Intelligence (AI) is transforming not only the tech landscape but also various sectors of human activity at breakneck speeds. Unfortunately, with any progress in technology, these advances aren’t only being applied in beneficial ways. The sad fact is that some of the most tech-savvy people have chosen a criminal path,...