Posts

Zero Trust In The Time Of Covid19

Zero Trust Network

What is Zero Trust Network? Zero Trust is somewhat like navigating through a high-security airport where we scan our ticket and validate our identity at multiple points of entry. It is about implementing and monitoring user-access control at a granular level. Zero Trust Network Access (ZTNA) ensures that only authorized users can access specific applications […]


Don’t Let Hackers Win: How to Keep Your Applications Secure

Application security is a critical component of any company’s cybersecurity strategy. It is the process of identifying and mitigating risks and vulnerabilities in software applications and systems. There are several reasons why a company needs application security. First of all, application security helps to protect against data breaches and cyber attacks. Hackers and cybercriminals are


Penetration Testing

Maintaining cybersecurity and regulatory compliance for data privacy is of the utmost importance for businesses in almost every field—but doing it effectively is a moving target. Hackers are continually seeking new ways to gain unauthorized access to your systems, so the external threats you need to guard against are constantly evolving. On top of that,


Supply Chain Security Attack

IconBurst: NPM software supply chain attack grabs data from apps, websites. ReversingLabs researchers recently discovered evidence of IconBurst, a widespread software supply chain attack involving malicious JavaScript packages offered via the NPM package manager. Researchers at ReversingLabs identified more than two dozen NPM packages, dating back six months, that contain obfuscated JavaScript designed to steal


Identifying and Protecting Sensitive Data

In today’s data-driven world, organizations collect and store vast amounts of information. While this data can be invaluable for business operations and decision-making, it also presents a significant challenge: protecting sensitive data. Failing to identify and safeguard sensitive information can have severe consequences, including: Financial losses: Data breaches can cost organizations millions of dollars in fines,


Threat Modeling with STRIDE

Threat Modeling is an essential framework for identifying, analyzing, and mitigating security threats. Today, we’re diving into a blog post that unpacks this concept and introduces us to STRIDE, a threat modeling system born at Microsoft. The Three Views of Threat Modeling STRIDE Unpacked Security Properties vs. STRIDE The CIA Triad & STRIDE The CIA


Securing your Database

During a customary search for vulnerable databases, the team at Comparitech discovered a vulnerable and unprotected MongoDB database belonging to FarFaira, a website designed to promote literacy for children as young as 2 years old. The information on this database includes user sign-in information, email addresses, and social media tokens. That’s why database security is


Home Office Network Segmentation

Most of us who are working from home have a flat network that allows free co-mingling of malicious traffic with clean traffic. In the good old days when we used to commute to work, we would have noticed that payroll systems are isolated from user workstations that are isolated from production servers. The flat network


Log4j

Log4j Vulnerability Explained: The Log4j vulnerability allows malicious attackers to execute code remotely on any targeted computer. What is Log4j: Log4j, an open-source logging library for Java, is widely used by businesses and web portals. Earlier this month, this open-source software was in the news for its vulnerabilities. Impact: Being used by many
