Expert analysis
The impact of the Log4j vulnerability on OT networks
Operational Technology (OT) networks are at risk from the recently-announced Apache Log4j (CVE-2021-44228) vulnerability. On the surface, it is not clear why this should be. …
How to implement security into software design from the get-go
Software professionals know that the working relationship between developers and security teams can be complicated. Most security professionals feel it’s part of a …
Europe’s quantum communication plans: Defending against state-sponsored cyber attacks
State-sponsored cyberattacks are on the rise and are a significant part of the future of warfare. Why would a nation send humans to a frontline when it can take out the …
Passwordless verification API transforms every mobile phone into a security token for zero trust access
What is small, tamper-proof, cryptographically secure, and already used by 6.37 billion people? The SIM card. We carry this compact piece of secure tech everywhere without …
Hybrid work is dead, long live “work”
As we head into 2022, work will no longer be distinguished by where an employee (or student) is working or learning from. Work from wherever, on whatever device, will simply …
Unused identities: A growing security threat
In early May 2021, Colonial Pipeline, the operator of the pipeline that pumps 45% of the East Coast’s fuel, announced that they had been hacked. In his testimony before the …
Microsoft vulnerabilities have grave implications for organizations of all sizes
Microsoft software products are a connective tissue of many organizations, from online documents (creating, sharing, storing), to email and calendaring, to the operating …
December 2021 Patch Tuesday forecast: How do you stack up?
I can’t believe that the end of 2021 is already in sight, and looking backwards, I have to say we’ve had our share of interesting events. If I had to characterize it from a …
Extracting value from the interconnected network of risk management
From the CISO to the SOC operator, defenders struggle to maintain complete situational awareness. Holistic approaches to risk management require the implementation of a …
From DDoS to bots and everything in between: Preparing for the new and improved attacker toolbox
A quick glance at global headlines shows a new breach, ransomware, DDoS, or bot attack on a near-daily basis. Orchestrating these attacks and selling hacking tools has become …
The threats of modern application architecture are closer than they appear
Modern applications and software have evolved as the transition to the cloud was accelerated by widespread digital transformation, as enterprises of all sizes made heavy …
EU key management in 2022
It was reported that the private key used to sign EU Digital Covid certificates (aka “vaccine passports”) was leaked and circulated on messaging apps and online data breach …