Cybersecurity in Review: The Alarming Trend of Unsupported Systems
Quick question: when is it ok to run a networked system without updates? If the answer takes more than 1 second and is anything other than “never,” we need to talk. Imagine this: a major corporation crippled overnight by a cyberattack, all because of one overlooked detail – outdated systems ... Read More
The AI Supply Chain Is Not Impervious
AI was the leading story of 2023 – to provide some context, ChatGPT became Wikipedia’s most viewed article of 2023 – and it has been implemented in testing or production stages by numerous organizations worldwide. Whether these organizations have already realized the benefits of AI or are still exploring its ... Read More
Improper Separation of User/Administrator Privilege in Cybersecurity
This article is part of a series where we look at a recent NSA/CISA Joint Cybersecurity Advisory on the top cybersecurity issues identified during red/blue team exercises operated by these organizations. In this article, you will find a more in-depth look at the specific issue, with real-world scenarios where it ... Read More
Lack of Network Segmentation in Cybersecurity
This article is part of a series where we look at a recent NSA/CISA Joint Cybersecurity Advisory on the top cybersecurity issues identified during red/blue team exercises operated by these organizations. In this article, you will find a more in-depth look at the specific issue, with real-world scenarios where it ... Read More
Supply Chain Attack Methodologies – It’s the Installer Now
”Supply chain attack” encompasses many different forms of attacks and exploits Yet another type was recently uncovered – malicious behavior in properly signed installers While this particular case was not Java specific, the methodology is language agnostic With various methods at their disposal, attackers have continually evolved their strategies, compromising ... Read More
Insufficient Internal Network Monitoring in Cybersecurity
This article is part of a series where we look at a recent NSA/CISA Joint Cybersecurity Advisory on the top cybersecurity issues identified during red/blue team exercises operated by these organizations. In this article, you will find a more in-depth look at the specific issue, with real-world scenarios where it ... Read More
“Everything” and the Node.js kitchen sink too
*The Supply Chain is vulnerable at all levels, from the code to the distribution *Node.js repository was effectively locked after a developer uploaded a malicious package It’s often hard to differentiate between intended and unintended consequences. A recent “prank” over the holidays complicated life for Node.js developers, underscoring a familiar ... Read More
Default Configurations of Software and Applications in Cybersecurity
This article is part of a series where we look at a recent NSA/CISA Joint Cybersecurity Advisory on the top cybersecurity issues identified during red/blue team exercises operated by these organizations. In this article you will find a more in-depth look at the specific issue, with real-world scenarios where it ... Read More
The Power of the KVM Hypervisor: A Detailed Analysis
The need for virtualization is crucial in many corporate systems, as it offers significant savings in both financial and energy resources. Consequently, advancing in this area is becoming a key focus for organizations of all types and sizes. This blog post focuses on KVM, a key virtualization technology. In this ... Read More
What Does the End-of-Life of CentOS 7 Mean? A Breakdown of Your Options
As CentOS 7 approaches its end of life (EOL), it’s crucial for users and administrators to understand the implications of this transition. The EOL of CentOS 7 isn’t just a unique event but rather a common phenomenon in the lifecycle of Linux distributions. This article breaks down what EOL means, ... Read More