It’s no surprise that cyberattacks are skyrocketing. Report after report indicates they’ve exploded in recent years as cybercriminals take advantage of the rapid proliferation of endpoints, growing reliance on digital devices, and shift toward remote and hybrid work. However, as the number of attacks increases, the types of attacks remain surprisingly simple. You guessed it. They’re still going after passwords, credentials and secrets.

The Cross-Sector Cybersecurity Performance Goals (CPGs) are a new baseline released jointly by CISA, NIST, and the interagency community, with a goal of providing consistency across all critical infrastructure. The primary webpage for these goals gives us a great understanding of what they are (and are not). It is worth delving into those specifics to understand where the CPGs apply, and how they are intended to be used.

As the number of IoT devices grows, predicted “to reach 27 billion or more by 2025 (IDC, IoT Analytics)”, so does the need for IoT device management companies and security solutions. While there are many benefits to the IoT, there are also security risks that come along with it. Gartner estimates that “75% of security failures will result from inadequate management of identities, access, and privileges” by 2023.

We live in the 21st century, where now kids are able to access the internet on their own from as early as 8 years old. Today’s youth are often called “digital natives” because they are so comfortable with living online. But as much as we may admire their proficiency with their devices, we shouldn’t forget that security is probably not top of mind.

So you are going ahead to get that important and mandatory trust authentication: a Code Signing Certificate. The one that is needed to sign a software package or application to avoid any kind of pesky warning notifications that scare the end-users. Great! If you are here, you might already know the significance of using a reliable and trustworthy code signing certificate.

On November 8th, 2022, Citrix disclosed a critical authentication bypass (CVE-2022-27510), a remote desktop takeover (CVE-2022-27513), and a user login brute force protection functionality bypass (CVE-2022-27516) vulnerability affecting several versions of Citrix ADC and Citrix Gateway. This bulletin only applies to customer-managed Citrix ADC and Citrix Gateway appliances as Citrix-managed cloud services are not affected. A threat actor could leverage these vulnerabilities in specific circumstances.

Every software we use consists of instructions in the form of computer codes that dictate how computers behave or perform certain tasks. But not all software is designed to make our lives easier. Malware, a portmanteau of the words malicious and software, is specifically designed to help hackers gain access to, steal information from, or damage a computer. Oftentimes, all this happens without the knowledge of the computer user themselves. Until it’s too late, that is.

On November 8, 2022, Microsoft published their November 2022 Security Update and patched six actively exploited vulnerabilities. The vulnerabilities impact Windows and Exchange Server.

It’s the news everyone’s been waiting for: Teleport’s version 11 release! This release is packed with features from SFTP support all the way to GitHub Actions Machine ID compatibility. Let’s dive in!

Cybersecurity, like broader technological disciplines, is an ever-changing landscape that industry professionals must adapt to. The zero-trust model of cybersecurity has grown recently as organizations update their security practices to keep pace with, and stay ahead of evolving threats. Zero Trust Network Access (ZTNA) increased by 230% from 2019 to 2020, and more than 80% of C-suite leaders cite zero-trust as a priority for their enterprises.