Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A recent vulnerability tracked as Rapid Reset (CVE-2023-44487) in the HTTP/2 protocol was recently disclosed by researchers and vendors. It was exploited in the wild from August 2023 to October 2023. The issue arises from the HTTP/2 protocol's ability to cancel streams using an RST_STREAM frame, which can be misused to overload servers by initiating and quickly canceling numerous streams, circumventing the server's concurrent stream limit.

In this era, threat actors have proven to be tireless in their pursuit of exploiting vulnerabilities and gaining unauthorized access to online platforms using anything from simple to sophisticated attacks. Today, we delve into shedding light on how attackers employ methods to bypass one of the most common defenses against automated attacks. Particularly on using TOR networks to evade or bypass CAPTCHA.

The recent hype focused on the cURL vulnerability highlights the need for greater visibility and knowledge of your applications' software bill of materials (SBOM)

Air Europa is a Spanish airline that serves travelers from all over Europe, North America, the Caribbean, and Tunisia. The airline welcomes over 430 million fliers each year, with 10,000+ daily flights across the globe. Following a recent hack, some consumers may have had their credit card information stolen. Very little is public about the cyber incident, meaning any traveler could be at risk.

Cybersecurity is becoming a growing priority for organizations, as daily news headlines feature large-scale data breaches due to unauthorized access and ransomware attacks dismantling systems across the globe. The last thing an organization wants is to become the next headline because its poor cybersecurity posture left it vulnerable to hackers. Cybersecurity audits meticulously analyze and report on an organization’s security program, helping them identify weak points that need addressing.

Today’s rapidly evolving digital world requires organizations to build a robust cybersecurity plan to safeguard internal infrastructures and oversee third-party vendors' cyber health. The Essential 8 is a cybersecurity framework developed by the Australian Signals Directorate designed to help organizations protect themselves against different cyber risks.

The Wall Street Journal recently published an article about using highly-emotionally charged, “controversial”, subjects in simulated phishing tests. Controversial topic examples include fake pay raises, reward gift cards, and free Taylor Swift tickets. The younger half of our team is convinced the latter topic would have completely tricked them.

A new report sheds light on whether CISOs have been the victim of a cyber attacks, if they're every paid a ransom, their greatest cyber concerns, and much more. While most of the reports I cover on this blog are typically surveys of those "in the trenches," we do like to cover analysis of c-suite perspectives. The CISO Report from Splunk provides some interesting insight into experienced cyber attacks and their impact.

As increasing percentages of businesses experience cyberattacks, new data provides details on where the most organizational risk lies. According to U.K. cyber insurer Hiscox’s Cyber Readiness Report 2023, attacks are on the rise: With these increases, how prepared are organizations? According to Hiscox, organizations are spending money on the problem; the median cybersecurity spend is a little over $1.39 million (with enterprises spending $4.9 million).

In the past, passwords alone were considered an effective security measure for protecting user accounts and deterring cybercriminals. Motivated by the increased threat of data breaches and other cyber attacks, the cybersecurity industry has since evolved from relying on passwords to favoring more robust authentication methods, such as multi-factor or two-factor authentication (2FA).