Many Legacy D-Link NAS Devices Exposed to Remote Attacks via Critical Flaw

November 11, 2024 at 06:10AM D-Link has alerted users about a critical command injection vulnerability in several discontinued NAS models, leaving them exposed to remote attacks. This emphasizes the importance of maintaining security awareness for legacy devices.

**Meeting Takeaways:**

1. **Vulnerability Alert**: D-Link has identified a critical-severity command injection vulnerability.
2. **Affected Products**: The issue …

Put End-of-Life Software to Rest

October 28, 2024 at 10:08AM The commentary discusses the dangers of using end-of-life (EOL) software within organizations, likening it to ignoring a haunted house’s threats. Many companies cling to outdated software due to budget constraints, risking data breaches. It emphasizes the need for audits, communication, and collaboration to effectively manage and eliminate EOL software. …

Despite cyberattacks, water security standards remain a pipe dream

September 7, 2024 at 08:44AM Multiple cybersecurity incidents involving water systems in the US, attributed to China, Russia, and Iran, prompt concerns about the vulnerabilities in the water infrastructure. Legacy operational technology (OT) systems, remote cyberattacks, and lack of cybersecurity standards pose significant risks. Attempts to enforce minimum standards have faced legal challenges, leading to …

White House’s Call for Memory Safety Brings Challenges, Changes & Costs

April 5, 2024 at 10:08AM The White House ONCD has released a report supporting the National Cybersecurity Strategy, emphasizing a shift to memory-safe programming languages for improved cybersecurity. The challenge lies in addressing legacy systems and balancing economic and technical considerations. Industry leaders, such as Mozilla, Microsoft, and Google, have invested in memory-safe languages. Practical …

Considerations for Operational Technology Cybersecurity

April 4, 2024 at 08:03AM OT refers to hardware and software controlling physical devices, with unique cybersecurity needs. The convergence with IT introduces vulnerabilities. Challenges include legacy systems lacking modern security measures and the priority of safety and reliability over data integrity. Securing OT environments requires a tailored approach, considering physical processes and cyber threats. …

Details and Lessons Learned From the Ransomware Attack on the British Library

March 28, 2024 at 06:06AM The British Library suffered a destructive ransomware attack in October 2023, with recovery efforts lasting until mid-April 2024. The attack by Rhysida led to data exfiltration, encrypted systems, and server destruction. Lessons learned include the importance of MFA, upgrading legacy systems, network segmentation, cloud usage, secure backups, financial preparedness, and …

Ransomware-hit British Library: Too open for business, or not open enough?

November 27, 2023 at 04:38AM The British Library, known for its public knowledge and vast collection of items, recently fell victim to a cybersecurity breach. Ransomware bandits stole HR data and disrupted the institution’s infrastructure, causing inconvenience to researchers and delaying their work. The attack on the British Library is just one of many corporate …

Product Walkthrough: Silverfort’s Unified Identity Protection Platform

November 20, 2023 at 10:12AM Silverfort is the first unified identity protection platform that integrates with existing identity and access management solutions to protect organizations from identity-based attacks. The platform offers features such as Risk-Based Authentication and Multi-Factor Authentication (MFA) and can protect a wide range of resources, including command-line tools and service accounts. A …

Top 10 DevOps Blunders and How to Sidestep Them

November 13, 2023 at 12:13PM DevOps teams face common mistakes that can hinder their success. These include overplanning or underplanning, relying too heavily on tools, striving for perfection, neglecting security, not understanding the problem, bypassing code reviews and quality gates, logging blind spots, ignoring the artifact lifecycle, not keeping code versions, and sticking to legacy …

Make API Management Less Scary for Your Organization

October 24, 2023 at 08:09AM API modernization is crucial for organizations to enhance security and protect against threats like data breaches and unauthorized access. To achieve this, organizations should use strong authentication methods, encryption for data transfer, access control policies, real-time monitoring, security audits, and employee education. Gloo Gateway is a cloud-native API management solution …