According to NIST, vulnerability management is a security practice that is designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization. The expected result is to reduce the time and money spent dealing with vulnerabilities and the exploitation of those vulnerabilities. Vulnerability management is generally defined as the process of identifying, […]
What is Vulnerability Management? Read More »
In network security, a demilitarized zone (DMZ) functions as a subnetwork on an organization’s network infrastructure that is located between the protected internal network and an untrusted network often the internet. The DMZ is designed where there is one inside interface connected to the private network, and one outside interface connected to the public network.
What is a DMZ Network? Read More »
Defense in depth also known as layered security, is a cybersecurity strategy used by organizations to secure and safeguard their network, system, and data. The strategy assumes that attackers will try to penetrate the organization’s defenses, so multiple layers of security controls (physical, technical, and administrative) are put in place to detect attackers at every
What is PII? The Nation Institute of Standard and Technology (NIST), defines personally identifiable information (PII) as Any information about an individual maintained by an agency, including any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or
Personally Identifiable Information (PII) Read More »
It takes over 200 days before a breach is detected studies shows, and such breaches are detected by external parties rather than internal processes or monitoring. There is a huge lack of logging and monitoring in the world today. It’s part of the reason why companies fail to deal with security breaches effectively. Organizations need
Insufficient Logging and Monitoring Read More »
Apple has released a critical software patch to repair a security vulnerability after researchers discovered a security flaw that would allow hackers to infect your Apple devices even if you do nothing, and don’t click on a link. The zero-day attack was discovered by the researchers at the Citizen Lab. The Citizen Lab said the
Do you own an Apple device? Update it right now Read More »
A cyberattack on T-Mobile has exposed the information of over 40 million people. In a statement issued by the organization, that it had been investigating the data breach since last week when it was “informed of claims made in an online forum that a bad actor had compromised T-Mobile systems.” The company said the stolen files
T-Mobile Data Breach, Over 40 Million People Affected Read More »
The Open Web Application Security Project (OWASP) is a non-profit organization focused on improving the safety of software. It was founded in 2001 by Mark Curphey. OWASP features a range of tools it uses, methodologies, and libraries to see web application security to seek out security vulnerabilities in web applications. They even have documentation guidelines
SonicWall a Network device maker has issued an urgent security notice to its customers, warning of imminent ransomware attacks targeting the Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. “The exploitation targets a known vulnerability that has been patched in newer versions of the
Kaseya an enterprise tech firm has confirmed that up to 1,500 businesses were impacted as a result of an attack on its remote device management software. The software was used to spread ransomware to Kaseya customers. The vulnerability found in the supply chain VSA software was the leverage the attackers used against the multiple managed
Kaseya ransomware attack: up to 1,500 affected companies company confirms Read More »