Cybersecurity Awareness Month 2023: Five Reasons You Need Automatic Software Updates for Your Application Security.

October 2023 marks the 20th anniversary of Cybersecurity Awareness Month. The initiative is spearheaded by the U.S. National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Agency (CISA). It is a collaboration between these U.S. government agencies and industry to raise awareness about cybersecurity, the risks we face from digital crime and cyberattacks, and how to protect ourselves from them. This year, the campaign promotes four key behaviors to strengthen cybersecurity.

A Deep Dive into the History of Cyber Security Awareness Month

Happy Cybersecurity Awareness Month! Since 2004, the United States has recognized October as Cybersecurity Awareness Month. The president at the time, George Bush, alongside the United States Congress, declared October as the month to dedicate to cybersecurity and raise awareness about the importance of protecting sensitive information in the following sectors: Each of these sectors plays a significant role in shaping society's social, economic, and political landscape in the past, future, and present.

CVE-2023-4863: Critical Vulnerability in Widely Used libwebp Library

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) impacting macOS, iOS, iPadOS, and watchOS products that was used in a zero-click exploitation chain by the NSO Group. Shortly after, on September 11, 2023, Google released an update to fix a buffer overflow vulnerability (CVE-2023-4863) in Google Chrome, which was reported by Apple’s Security Engineering and Architecture (SEAR) and Citizen Lab.

NSA & CISA joint advisory for Web Application Access Control Abuse

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) released a joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about Insecure Direct Object Reference (IDOR) vulnerabilities.

Key Takeaways from the 2023 Domain Impersonation Report

One of the most pervasive and unavoidable threats on the internet, domain impersonation can be used by bad actors as the basis for a wide range of attacks. The various ways in which cybercriminals make use of lookalike domains often fluctuate, and the first half of 2023 has exemplified this fact. Staying on top of security and not falling victim to these attacks requires knowing what the dangers are and keeping track of the threats that are likely to spring up.

James Rees on Self-Reflection and Burnout | Human Psychology

James Rees shares his personal experience with burnout, specifically during the early stages of running a business and facing the pressures of entrepreneurship, such as security incidents and team management. He describes a technique he uses where he steps back from his own emotional reactions to objectively analyze why he may be experiencing extreme anger, sleep problems, or overlooking simple things in his life. This method has proven effective in helping him understand and manage burnout.

CVE-2023-40044, CVE-2023-42657: Two Critical Vulnerabilities Impacting Progress WS_FTP Server

On September 27, 2023, Progress Software released a security advisory detailing multiple vulnerabilities in their WS_FTP Server product, including two with a critical severity rating. CVE-2023-40044 (CVSS 10) is a deserialization vulnerability that affects the Ad Hoc Transfer module and could allow a threat actor to obtain remote code execution if successfully exploited.

How To Send Your Social Security Number Safely

The safest way to send your Social Security number (SSN) is by using a password manager. A password manager is a tool used to keep passwords and other sensitive data secure at all times. A little-known benefit to password managers is that in addition to generating and storing strong passwords, they also aid users in securely sending sensitive information such as Social Security numbers, MFA codes, home deeds, identification cards and more.

What is NERC? Everything you need to know

Electric grids are part of every nation’s critical infrastructure. Every societal activity and business depends on reliable and safe electricity distribution. The US electric grid is a huge network of powerlines, distribution hubs, and renewable and non-renewable energy generators that is increasingly exposed to cyber-physical risks due to the accelerated reliance on cyber-enabled systems and IoT-connected devices, such as smart meters.

Today's Top Cybersecurity Threats & the Impacts to Your Business

With the escalating frequency and complexity of cyberattacks, businesses are constantly under threat. Security operations have become an indispensable aspect of organizational survival and success. Cyberattacks and data breaches regularly make headlines as malicious actors continue to adapt and develop new tactics.