Macro Segmentation vs. Micro Segmentation

Understanding the distinction between macro segmentation vs. micro segmentation, and making the right choice

Within network security segmentation, macro segmentation vs. micro segmentation are crucial methods to consider for organizations aiming to protect their digital assets. Though distinct in their approach and execution, these strategies serve the common purpose of ...

CVE-2023-48788 Vulnerability Reported in FortiClientEMS

Fortinet’s FortiClient EMS product exploited via CVE-2023-48788, a critical SQL injection vulnerability (OFFICIAL CVE-2023-48788 PATCHING INFORMATION)

The CISA (Cybersecurity and Infrastructure Security Agency) has alerted organizations to active exploitation of ‘The Fortinet FortiClient EMS vulnerability’ (CVE-2023-48788), a critical SQL injection flaw enabling unauthenticated attackers to execute arbitrary code via ...

Top Ten NSA and CISA Cloud Security Strategies

NSA and CISA release a joint guide outlining ten pivotal cloud security strategies for enterprise

In a business world dominated by cloud-based solutions, robust cloud security strategies for cloud environments have never been more vital. Recognizing this urgency, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency ...

EPA and White House Send Water Industry Cybersecurity Warning

The Biden administration issues a cybersecurity call to action for the US water industry amid flood of cyber threats targeting essential systems

This directive (see the official guidance) comes in the wake of revelations that utilities are facing increasingly sophisticated water industry cybersecurity attacks, some linked to state-sponsored actors from ...

Implementing Scrum for Cybersecurity Teams

How can cybersecurity teams adopt Scrum for agile and responsive best practices?

Staying ahead of cybersecurity threats requires cutting-edge technology and agile and effective management practices. Enter Scrum, a framework initially designed for software development projects that has found a well-justified home across many business functions, from marketing to product ...

Cloud Repatriation Impacts on Resources and Cybersecurity

The cloud repatriation surge and the impact on SOS resources and business cybersecurity

In recent years, the cloud computing landscape has witnessed a significant yet somewhat surprising trend: cloud repatriation. This movement involves companies shifting workloads and data from public cloud environments back to on-premises data centers or private cloud ...

How Can CIOs Prepare Their Organizations for Generative AI?

Generative AI: A new challenge in preparing organizations and setting policies

In our swiftly evolving and ‘somewhat spicy’ digital age, Chief Information Officers (CIOs) now find themselves at the helm of navigating through unprecedented technological advancements. Among these, machine-driven content creators emerge as an undeniably potent force, offering transformative potential ...

The Importance of Compliance Hardening

Navigating compliance hardening: A critical pillar of organizational cybersecurity

Safeguarding digital assets against ever-evolving threats demands not just vigilance but a proactive stance towards compliance hardening. This approach ensures that systems are secure and adhere to the myriad cybersecurity regulatory compliance standards that govern them. As digital threats become increasingly ...

CVE-2024-21412 Vulnerability Reported in Defender SmartScreen

Guarding against SmartScreen bypass (CVE-2024-21412) and DarkGate malware campaign

A recent surge in cyberattacks has seen malevolent actors exploiting a vulnerability in Windows Defender SmartScreen, a critical security feature designed to protect users from running unrecognized or suspicious files from the internet. This particular flaw, identified as CVE-2024-21412, allowed attackers ...

New Phishing Campaign Delivers Remote Access Trojans (RATs)

Sophisticated phishing campaign leverages public services, where remote access Trojans are being delivered via malicious Java downloader

A new phishing campaign has surfaced this week which cleverly employs a Java-based downloader to distribute remote access trojans (RATs), such as VCURMS and STRRAT, leveraging public services like Amazon Web Services (AWS) ...