43% of C-suite executives and 12% of small business owners (SBOs) have experienced a data breach, according to Shred-it. While businesses are getting better at protecting their customers’ personal and sensitive information, their focus on security training and protocols has declined in the last year. This decline could pose issues for businesses, as 83% of…

In October 2020, Microsoft patched a set of vulnerabilities that included critical networking bugs CVE-2020-16898 and CVE-2020-16899. Known as “Bad Neighbor” or “Ping of Death Redux,” these flaws lurk in the TCP/IP networking implementation in Windows in how incoming ICMPv6 packets are handled under certain conditions. Both CVE-2020-16898 and CVE-2020-16899 represent the Bad Neighbor vulnerability,…

The importance of privacy and data protection is a critical issue for organizations as it transcends beyond legal departments to the forefront of an organization’s strategic priorities. A FairWarning research, based on survey results from more than 550 global privacy and data protection, IT, and compliance professionals outlines the characteristics and behaviors of advanced privacy…

Amazon Web Services (AWS) has made available three new S3 (Simple Storage Service) security and access control features: Object Ownership Bucket Owner Condition Copy API via Access Points Object Ownership Object Ownership is a permission that can be set when creating a new object within an S3 bucket, to enforce the transfer of new object…

While passwords may not be going away completely, 92 percent of respondents believe passwordless authentication is the future of their organization, according to a LastPass survey. Passwordless authentication reduces password related risks by enabling users to login to devices and applications without the need to type in a password. Technologies such as biometric authentication, single-sign-on…

Today’s networks have more sophisticated automated defenses than ever, yet cybercriminals are taking full advantage of business disruptions and distractions in 2020. Adversaries are exploiting user behavior and leveraging trusted operating system tools to pursue “actions on objective” and evade detection. When used in combination, these techniques are effective at bypassing automated defenses to gain…

Phishing ranks low on the list of cyberattacks in terms of technological sophistication. Even more sophisticated phishing variants like spear phishing (focused and often personalized phishing attacks) and whaling (phishing attacks focused on high-profile or high-dollar targets) are focused more on social engineering than on technology. Yet phishing remains one of the most effective types…