Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks evolve daily, and defenders are forced to adapt at the same rate. Cybersecurity best practices, however, are updated and codified much less frequently. There is broad experimentation in the field, and it takes some time for authoritative working groups to sort out which new practices and controls are practical and consistently effective for a large cross-section of users. Some guidelines and standards are updated every year or two and others much less frequently.

If you didn't trust contactless payment processors before, you really won't after hearing about this recent scam. The Aurora Police Department Economic Crimes Unit posted this tweet last week with a warning: Source: Twitter In a statement by Aurora Police Sergeant's Dan Courtenay on how cybercriminals obtain the user data to FOX31, “Now they have Bluetooth, where they can just sit in the parking lot of the gas station and it feeds right onto their laptop,” Courtenay said.

Threat actors continue to use generative AI tools to craft convincing social engineering attacks, according to Glory Kaburu at Cryptopolitan. “In the past, poorly worded or grammatically incorrect emails were often telltale signs of phishing attempts,” Kaburu writes. “Cybersecurity awareness training emphasized identifying such anomalies to thwart potential threats. However, the emergence of ChatGPT has changed the game.

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) impacting macOS, iOS, iPadOS, and watchOS products that was used in a zero-click exploitation chain by the NSO Group. Shortly after, on September 11, 2023, Google released an update to fix a buffer overflow vulnerability (CVE-2023-4863) in Google Chrome, which was reported by Apple’s Security Engineering and Architecture (SEAR) and Citizen Lab.

On September 27, 2023, Progress Software released a security advisory detailing multiple vulnerabilities in their WS_FTP Server product, including two with a critical severity rating. CVE-2023-40044 (CVSS 10) is a deserialization vulnerability that affects the Ad Hoc Transfer module and could allow a threat actor to obtain remote code execution if successfully exploited.

A New World: The Cloud and Statistical Computing For biotechs, statistical computing has traditionally required complex on-premises infrastructure. Configuring servers and storage for data science became cumbersome and fluctuating project needs made scaling a headache. An immediate solution was needed, especially considering the complex needs of biostatisticians and data scientists alike. Enter The Cloud Enter the cloud revolution.

In an era of rapid digital transformation, where remote work, cloud adoption, and IoT proliferation are reshaping the modern enterprise landscape, the need for a robust and flexible network infrastructure has become paramount. Enter secure access service edge, or SASE, a revolutionary approach that seamlessly integrates network and security functions to meet the demands of the modern business environment.