The other week in San Francisco at IETF117, a group of developers and subject matter experts gathered to do just that. The IETF mission is: “To make the internet work better by producing high quality, relevant technical documents that influence the way people design, use, and manage the internet.” This standards body is quite unique – anyone with the right passion can join. Believe it or not, humming is a measure of consensus.

The Vermont Department of Financial Regulation is an organization that oversees the financial sector within the state. The department is split into four divisions: Securities, Banking, Captive Insurance, and Insurance. Any businesses involved in these companies must answer to this department, and many Vermont residents have supplied the department with information to help it carry out its everyday role.

As the number and severity of cybersecurity attacks rise each year, organizations are compelled to look for measures to protect sensitive data. The abundance of cybersecurity solutions on the market may create confusion and pressure, as choosing the wrong one may lead to security gaps. Many companies turn to data loss prevention (DLP) systems, since they have been on the market for years. But is a DLP system enough to protect your data?

A strong vulnerability management program underpins a successful security strategy overall. After all, you can’t defend weak points you don’t know are there. It is predicted that 2023 will see an average of 1,900 critical Common Vulnerabilities and Exposures (CVEs) a month, up 13% from last year. This is due to increased interconnectedness, the addition of more tools, IoT devices and SaaS services, and the increased risk of human error.

On August 4, 2023, security researchers published a blog detailing a critical remote code (RCE) vulnerability in PaperCut NG/MF print management servers (CVE-2023-39143: CVSS 8.4). CVE-2023-39143 could allow unauthenticated threat actors to read, delete, and upload arbitrary files on compromised systems, which results in RCE. Additionally, this vulnerability does not require user interaction.

A few years ago, I wrote about the importance of security immutability. More specifically, I discussed how important it is that your environment be unchangeable in order to ensure that it remains secure. As I looked back on the article, I found it rather amusing that the article was published 4 years ago, but that feels like a lifetime ago. In the last few years, we really have seen just how volatile the world can be.

From February to July 2023, Netskope Threat Labs has been tracking a staggering 61-fold increase in traffic to phishing pages hosted in Cloudflare R2. The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps. The attacks have been targeting victims mainly in North America and Asia, across different segments, led by the technology, financial services, and banking sectors.

For the fourth consecutive year, we received a Tech Cares Award from TrustRadius! This fourth annual award celebrates companies that have gone above and beyond to provide strong Corporate Social Responsibility (CSR).

You have A LOT on your plate as a healthcare administrator in 2023. From an increase in workplace violence and the need to keep medications out of unauthorized hands, to an abundance of private data to keep safe and costly medical equipment and supplies to protect, it might feel like your to-do list goes on and on. And, we don’t have to tell you, but the healthcare sector is expanding and evolving at an increasingly rapid pace.

The Sysdig Threat Research Team (Sysdig TRT) recently discovered a new Freejacking campaign abusing Google’s Vertex AI platform for cryptomining. Vertex AI is a SaaS, which makes it vulnerable to a number of attacks, such as Freejacking and account takeovers. Freejacking is the act of abusing free services, such as free trials, for financial gain. This freejacking campaign leverages free Coursera courses that provide the attacker with no-cost access to GCP and Vertex AI.