In the digital world, where countless users communicate, share data, and engage in diverse activities, determining the origin and actions behind these interactions can be quite challenging. This is where non-repudiation steps in. Coupling other security factors, such as delivery proof, identity verification, and a digital signature, creates non-repudiation. This guarantees that the parties involved in the transmission are unable to renounce the execution of an action.

Over the past twenty years, I have navigated a unique journey through the cybersecurity landscape. My path has taken me from the realms of hacking and academia into the heart of threat intelligence (TI), culminating in my current role. Since I joined Cato in 2021, I’ve been leading security strategy and am proud to share the culmination of Cato’s research efforts in Cyber Threat Research Lab (Cato CTRL), our cyber threat research team.

There are numerous ways for people to pay for products, from traditional methods such as cash or credit cards to gift cards and cryptocurrencies. Interestingly, hackers have found ways to access and misuse each of these methods. Gift cards are a wholesome idea—there’s nothing better than receiving one from your favorite store. However, even gift cards aren’t completely safe. This doesn’t mean you should ignore a gift card you received as a present.

The concept of enterprise-wide ad blocking always provokes a powerful response. Whenever I suggest, even casually, that the next step organizations should take to improve cybersecurity posture is implementing enterprise-wide ad blocking, I can hear the collective screams of sysadmins and help desk personnel everywhere — Websites could have compatibility issues! How will we manage it? Users won’t understand! It could be a help desk nightmare! And you know what? They are absolutely right.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! I think the moral of this story is, if you receive an unexpected alert from service you’ve had a long time and wasn’t informed this was a new feature; treat with caution.

Threat actors are increasingly using generative AI tools to improve their phishing campaigns, according to a new report from Zscaler. “AI represents a paradigm shift in the realm of cybercrime, particularly for phishing scams,” the researchers write. “With the aid of generative AI, cybercriminals can rapidly construct highly convincing phishing campaigns that surpass previous benchmarks of complexity and effectiveness.

According to the U.S. Chamber of Commerce, the pressure is mounting on small and medium businesses (SMBs), as they must get their cyber preparedness correct or the next cyber attacks could prove disastrous.

As cybersecurity becomes increasingly important in software development, the “shift left” security approach is widely recognized as a best practice for ensuring superior application security. Numerous traditional security firms are introducing shift-left products and capabilities, and the concept is gaining traction. However, some open source application security tools are more developer-friendly than others.

PCI DSS version 4.0 recently took effect on March 31, 2024, and includes no less than 63 new requirements. This is the first update of the information security standard designed to defend against payment and credit card fraud since the release of PCI DSS v3.2 eight years ago.

Keeping Windows Server systems updated with the latest patches is one of the key things that administrators can do to ensure their Windows Server environments are stable and secure. Patching is one of the necessary evils that administrators need to manage to keep Windows, Linux, and other environments healthy. Hyper-V hosts are part of the infrastructure that also needs to be kept updated.