Cross-Site Scripting (XSS) attacks are bad news. And they can affect lots of people, often unknowingly. Chief among the top cybersecurity threats affecting users worldwide, any website with unsafe elements can become vulnerable to XSS attacks — making visitors to that website unwitting cyberattack victims. To secure your website from XSS attacks, you must first know what they are.

Vulnerability scanning is the action of conducting an automated review of your system to look for potential risks and vulnerabilities. For budding information security professionals (or even those who have worked in the field for years), there is always something new to learn. Not only is it a highly intricate and advanced field but, on a daily basis, there is a cat-and-mouse game happening between security engineers and hackers.

In this episode of the Trust Issues podcast, host David Puner interviews Nigel Miller, Director of Security Operations and Engineering at Maximus, a company that provides process management and tech solutions to help governments improve their health and human service programs. Nigel discusses his role in keeping the company’s nearly 40,000 employees cyber-trained and secure.

Ransomware has gone global. While 2022 saw a reprieve in the sheer number of ransomware attacks (the attack rate dropped at the same time as the war between Russia and Ukraine began), it also saw the rise of ransomware-as-a-service, the proliferation of attacks of major organizations, and attacks that stretched across time zones and borders. In 2022, nine of our top 20 breaches involved ransomware (45%), affecting millions of individuals and their private data. That is up 15% over 2021.

Recently, Amazon accidentally exposed information on Amazon Prime Video viewing habits to the public. In addition, Thomson Reuters news and media company admitted that their servers had compromised 3TB of data by public-facing ElasticSearch databases. Well, these are the type of news we often see on the front page of cybersecurity forums. But if you dig a bit deeper, you will find that these data leaks are caused by misconfiguration, not cyber attacks.

As your business grows and your services scale in number and complexity, it’s difficult to maintain a rapid pace of innovation while keeping your applications secure. It’s particularly challenging to respond to attacks, as DevOps and security teams need to collaborate to understand each attack’s root cause and remediate the vulnerabilities that enabled it.

It used to be cool if your car had GPS and a dashboard screen, remote lock on a key, and a video player for the kids to watch movies during road trips. Then came bluetooth for your phone and keyless start. Not anymore. The bells and whistles available in today’s cars have left them all in the dust. Video player? Let’s be honest. This generation knows and expects on-demand streaming to keep them entertained. Cars can now function as fully equipped communications centers.

Telephony fraud is a significant challenge. Companies of all sizes and industries are subjected to the malicious usage of voice and SMS with the intent of committing financial fraud, identity theft, denial-of-service, and a variety of other attacks. Businesses that fall victim to fraud can incur significant financial losses, irreparable damage to their reputation, and legal implications.