Security News

Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium
2023-01-24 11:33

Vulnerability analysis results in Orange Cyberdefense's Security Navigator show that some vulnerabilities first discovered in 1999 are still found in networks today. The chart below suggests that even critical vulnerabilities are taking around 6 months on average to resolve, but that is encouragingly at least 36% faster than the time for low-severity issues.

Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
2023-01-23 19:59

Test via a DNS server that was specially created to track and teach you about DNS traffic. By default, DNS requests include a single "Identification tag", which is referred to in the DNS data-format documentation simply as ID. Amazingly, despite having received numerous updates and suggested improvements over the years, the official internet RFC document that acts as the DNS specification is still RFC 1035, dating all the way back to November 1987, just over 35 years ago!

SaaS Security Posture Management (SSPM) as a Layer in Your Identity Fabric
2023-01-23 11:39

The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management. The scope of identity fabric includes any human, machine, or application that is granted access to your applications and data.

ENISA gives out toolbox for creating security awareness programs
2023-01-23 05:30

The European Union Agency for Cybersecurity has made available Awareness Raising in a Box, a "Do it yourself" toolbox to help organizations in their quest to create and implement a custom security awareness raising program. A guideline on creating an awareness campaign targeted at external stakeholders.

Riot Games hacked, delays game patches after security breach
2023-01-21 19:54

Riot Games, the video game developer and publisher behind League of Legends and Valorant, says it will delay game patches after its development environment was compromised last week. Riot Games also added that the breach directly impacted its ability to publish patches for its games.

Security Analysis of Threema
2023-01-19 12:21

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers.

Mailchimp Suffers Another Security Breach Compromising Some Customers' Information
2023-01-19 05:33

Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. "The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack," the Intuit-owned company said in a disclosure.

Rise of cloud-delivered malware poses key security challenges
2023-01-18 19:46

The volume of cloud-based malware tripled in 2022 over the prior year, says Netskope, with 30% of the malicious downloads coming from Microsoft OneDrive.

Product Security Incident Response: Key Strategies and Best Practices
2023-01-18 15:05

Even with good practices in place, the dynamic nature of vulnerability identification and ever-increasing attack tools and techniques mean that vulnerabilities can escape the best defenses and make their way into released products. There are several key strategies and best practices to create an effective PSIRT. Understanding these strategies and best practices ensures that your organization is prepared to effectively manage and address vulnerabilities as they arise.

IT email templates: Security alerts
2023-01-18 11:00

All company communication needs may vary, but certain standard template messages can come in handy for IT staff to keep employees up to date on "need to know" informational bulletins. A formal set of message templates will allow you to deliver both event-based and proactive communications, which ensures that everyone is up to speed on critical developments, projects and company policies.