-
News Article Aug 27, 2024
A patched vulnerability in Microsoft 365 Copilot could expose sensitive data by running a novel AI-enabled technique known as "ASCII Smuggling" that uses special Unicode characters that mirror ASCII text but are not actually visible in the user interface.
-
Podcast Aug 27, 2024
Root Causes 415: What Can I Do with These New FIPS PQC Standards?
NIST recently released PQC algorithmic standards in FIPS-203, 204, and 205. We describe what is necessary for enterprises to begin using these algorithms.
-
News Article Aug 26, 2024
The Port of Seattle, which oversees the Seattle-Tacoma International Airport (Sea-Tac), recently confirmed that a possible cyberattack disrupted several critical systems, including websites and phone services, beginning on August 24, 2024. Initially, the incident was reported as system outages, but it was later acknowledged that a cyberattack could be the cause.
-
News Article Aug 23, 2024
No longer relegated to post-doctorate physics academia and sad Schrödinger's cat thought experiments, post-quantum computing remediation has arrived in the real world.
-
Podcast Aug 23, 2024
Root Causes 414: What Are the Revocation Periods for Public Certs?
We detail mandatory revocation periods for leaf certificates and intermediates and explain when a 24-hour versus a 120-hour revocation deadline applies.
-
News Article Aug 21, 2024
A critical configuration bug was observed that affects applications using the AWS Application Load Balancer (ALB) for authentication, a flaw dubbed "ALBeast" that could lead to unauthorized access to business resources, data breaches, and data exfiltration.
-
News Article Aug 21, 2024
In the rapidly evolving landscape of cloud computing, security remains a top concern—one that continues to challenge both providers and users. The recent discovery of the ALBeast vulnerability, a critical flaw in AWS’s Application Load Balancer (ALB) authentication, serves as a stark reminder that even the most trusted cloud services are not immune to serious security risks.
-
News Article Aug 21, 2024
A hardware backdoor in millions of RFID smart cards, made by a Chinese company and used to open hotel room and office doors, enables bad actors to instantly clone the cards.
-
News Article Aug 21, 2024
Here's what you need to know about why the Log4j flaw, Log4Shell, remains a threat — and how to protect your organization with a modern software security approach.
-
News Article Aug 21, 2024
Three years after its discovery, Log4Shell remains one of the software flaws that are most used by threat actors, a new report released by Cato Networks has found. The report exposed a 61% increase from quarter one to quarter two in the attempted use of the vulnerability in inbound network traffic and a 79% increase in use in WAN-bound traffic during the same period.
-
News Article Aug 21, 2024
Security researchers have discovered a backdoor in a popular make of contactless key card that could be exploited at scale to open hotel room and office doors across the globe.
-
Blog Post Aug 20, 2024
Digital certificates take many forms but they share the same primary goal: to authenticate a website or server's identity.