The US and Israel yesterday announced a new bilateral partnership designed to tackle ransomware. The move comes as part of the new US-Israeli Task Force launched on Sunday slated to cover Fintech Innovation and Cybersecurity more broadly. Its participants are currently working on a Memorandum of Understanding (MoU) to support joint activities, including information sharing in threat intelligence, security guidance and regulations. Also mooted are staff training, study visits and cross-border competency-building initiatives such as cybersecurity exercises…

The US authorities have released a new industrial control systems (ICS) alert urging impacted organizations to patch key middleware or risk denial of service and remote code execution attacks. The Cybersecurity and Infrastructure Security Agency (CISA) pointed to a series of vulnerabilities impacting open-source and proprietary implementations of the Object Management Group (OMG) Data-Distribution Service (DDS). The bugs are found in multiple vendors’ equipment: CycloneDDS, FastDDS, GurumDDS, OpenDDS, Connext DDS Professional, Connext DDS Secure, Connext…

The FBI has fixed a misconfigured web portal that allowed hacktivists to send thousands of fake emails to recipients. News emerged over the weekend that individuals were receiving emails purporting to come from the Department of Homeland Security (DHS) Network and Analysis Group, but which had been sent from a @ic.fbi.gov account. According to screenshots shared on Twitter, they warned of “exfiltration of several of your virtualized clusters in a sophisticated chain attack” — blaming a…

McAfee Enterprise and FireEye recently teamed to release their 2022 Threat Predictions. In this blog, we take a deeper dive into cloud security topics from these predictions focusing on the targeting of API services and apps exploitation of containers in 2022. 5G and IoT Traffic Between API Services and Apps Will Make Them Increasingly Lucrative Targets Recent statistics suggest that more than 80% of all internet traffic belongs to API-based services. It’s the type of…

The past few weeks, I’ve been spending a lot of my free time preparing for the OSCP exam, which means refreshing a lot of skills that I haven’t used in years. A large part of that is rebuilding muscle memory around buffer overflows, so that’s how I spent my four-day weekend. I logged about 70 hours compiling small programs, writing buffer overflows, building simple ROP chains, and honestly having a lot of fun. When I…

Data security and privacy are today a prime focus for most organizations globally. While there have been several regulations and standards introduced to improve data security, the evolving landscape makes it challenging for organizations to stay compliant. For many organizations, GDPR and PCI DSS are the first topics that come to mind when privacy is concerned. While GDPR is an international data privacy law for securing personal data, PCI DSS is a data security standard…