A Cyber Insurance Backstop

In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after ...

Survey on 2024 IoT Security Crisis

Surveys play an important role in setting strategy and choosing how to address a difficult situation.  Organizations today are urgently in need of addressing their IoT security situation; it’s the fastest growing ...

The Coming End of Biometrics Hastens AI-Driven Security

Until recently I thought we had a lot of time ahead of us to be secure in using biometrics to authenticate who I am and what I should have access to.  But ...

SOC-as-a-Service: The Five Must-Have Features

SOCs are one of the most important functions of an organization’s security defenses, but they are also a heavy drain on resources ...
Security Boulevard

Confessions on MFA and Security Best Practices

The last couple of weeks have brought a few discussions on the topic of multifactor authentication or MFA (sometimes also referred to as 2FA or two-factor authentication). These discussions have been driven ...

MGM’s IoT Cyber Attack and Its Implications

What if all the IoT devices in your organization (the ones that deliver revenue and profits) were shut down for 10 days because of a cyber attack? This isn’t theoretical; it was the ...

DLL Hijacking Strikes Back: Exploiting Windows on ARM RDP Client (CVE-2023-24905)

Dor Dali of Cyolo uncovers CVE-2023-24905, an RCE vulnerability in Windows on ARM RDP Client, exploring the vulnerability’s root causes.

What you Missed in the White House National Cybersecurity Strategy

On the heels of the White House’s National Cybersecurity Strategy, there were plenty of reactions and opinions about how cybersecurity strategies and priorities must change. But most people missed one critical callout: ...

How Zero Trust Enables the National Cybersecurity Strategy

The recently released US National Cybersecurity Strategy stresses a commitment to the application of a zero-trust architecture as well as the modernization of both IT and OT systems. The ...

Lessons Learned from the Ongoing LastPass Data Breach Saga

The LastPass data breach debacle could happen to anyone. We break down the ongoing attacks and offer tips for avoiding a similar fate.