All Articles

The recent undocumented code in the ESP32 microchip, made by Chinese manufacturer Espressif Systems, is used in over 1 billion devices and could represent a cybersecurity risk. Its reveal by security researchers has kicked off an interesting discussi

I didn’t see much visibility on this DocuSign hack. This is a situation where the product features were not vetted to understand if they could be misused by malicious fraudsters. There is not a technical vulnerability, it comes down to a design weakn

Explaining cybersecurity is challenging, but with the right visual interface, it is easier to understand the behavioral, technical, and process aspects of cyberattacks.

For the full video Explaining Ransomware: https://www.youtube.com/watch?v=njXi-NoL

Details emerge on how a bad CrowdStrike update was allowed to land on Windows systems and cause over 8 billion computers to fail.

I discuss their leadership and break down the preliminary Post Incident Review document to reveal the point of failure fo

Let’s talk about CrowdStrike’s quality assurance failures! Thanks to Help Net Security for publishing my opinion piece. Take a look for a more in-depth explanation of how the bad update made it to over 8 million devices and caused widespread global o

When I heard of the MSI compromise, I had similar fears of an IT supply chain attack. However, after walking the logic and high-level details I felt that the current attack was unlikely a sophisticated play to compromise downstream consumers of MSI p

I like the concept of ‘banning’ the sale of offensive cyber weapons to potential adversaries, but what defines technology as offensive versus defensive?

Israel just announced it will ban the sales of hacking and surveillance tools to 65 countries: htt

For many organizations the success or failure of IT initiatives is predicated on the selection of the appropriate technology vendor. Despite the critical nature of this process, many organizations underestimate the time and effort it takes to make a

We have heard a lot about secure SDLC (Software Development Life Cycle). So, what next? Everything transforms with time and now is the time for Secure SDLC to be transformed. Secure SDLC is probably going to get metamorphosed into Secure Dev-Ops.

What

Log management is one of the primary requirements for building an enterprise class SOC. In security, Log analysis is often the first step in incident forensics. Operating systems such as windows, Unix, Linux and other network devices such as routers,

Short of resources, but still want to have a strong IT-security ecosystem? There are multiple tools in the market specially for small to medium enterprises who can use these open source tools. Although, they can't match the capabilities as provided b

Almost all security research has a question often left unanswered: what would be the financial consequence, if a discovered vulnerability is maliciously exploited? The security community almost never knows, unless a real attack takes place and the da

If you’re thinking that the industry you’re operating in is safe from cybersecurity threats then you might have to think again. In this article, we’ll specifically discuss the implications of breaches on healthcare businesses and why is annual penetr

The cybersecurity industry is consumed with scale and effectiveness of one of the biggest hacks in recent memory.  The emerging narrative and stories are missing important pieces of the puzzle.  The attackers, likely a nation-state, gained unpreceden