Uncategorized
SQL Injection Attack on Airport Security
Interesting vulnerability: …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic ...
Alarming Intrusion: Chinese Government Hackers Target US Internet Providers
A recent Washington Post report sent shockwaves through the cybersecurity landscape, revealing that Chinese government-backed hackers have infiltrated at least two major US internet service providers (ISPs) and several smaller ones ...
Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers
As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical than ever. New findings from Forescout – Vedere Labs, the industry ...
Updating Security Metrics For NIST CSF 2.0: A Guide To Transitioning From 1.0 To 2.0
The NIST Cybersecurity Framework (CSF) has long served as a cybersecurity cornerstone, offering a structured approach to managing and improving cybersecurity risk. With the release of NIST CSF 2.0, organizations are poised ...
Beyond CVSS: Advanced Vulnerability Prioritization Strategies for Modern Threats
The sheer volume of vulnerabilities discovered each year—combined with limited time and resources—demands a more sophisticated strategy for prioritization. While the Common Vulnerability Scoring System (CVSS) has long been the industry standard ...
How Multifactor Authentication (MFA) Can Reduce Your Cyber Attacks Risk?
Did it ever cross your mind to ask if your password can defend your sensitive info on the web all by itself? ...
PCI 4.0.1 has arrived. Here’s what you need to know about Requirement 6.4.3
As the Payment Card Industry Data Security Standard (PCI DSS) compliance standards continue to evolve, our team has been fielding a number of questions about the changes to 4.0, how to interpret ...
NIST Releases First Post-Quantum Encryption Algorithms
From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was ...
Top Trends in 2024 Reshaping the PKI Landscape
As we move through 2024, three events are causing significant disruption in the Public Key Infrastructure (PKI) landscape – the Entrust CA distrust incident, Google’s proposal for 90-day TLS certificate validity, and ...
On the Voynich Manuscript
Really interesting article on the ancient-manuscript scholars who are applying their techniques to the Voynich Manuscript. No one has been able to understand the writing yet, but there are some new understandings: ...