Introduction: Why attend conferences?This year will bring plenty of opportunities for professionals to attend conferences, getting them exposed to new products and tools showcased by companies active in the cybersecurity arena. The socializing opportunities afforded by such gatherings enable attendees to connect with industry experts while they network

Introduction: What role does forensic science play in cybercrime investigations?As cybercrimes grow in terms of number of attacks and cost to organizations and businesses, it is obvious that concentrating not only on the prevention but also on the investigation of cases is paramount. Digital forensics, then, is playing a growing role and companies are

The OWASP ProjectThe Open Web Application Security Project (OWASP) is best known for its list of the top ten web application vulnerabilities. This list is updated every few years and is designed to highlight the most common and most impactful vulnerabilities seen in production web applications.However, the main OWASP Top Ten list is not the only OWASP

IntroductionThe use of APIs is now ubiquitous, and the “API economy” is well and truly established. From cloud-based services, back-end services for mobile apps, internal server-to-server services, microservices and even AJAX-based web front-ends, APIs connect and rule.As a result, and especially with the online exposure of online banking and other fin

The growing need for cyber insuranceFueled by the growing number of data breaches, an expanding attack surface and a shortage of cybersecurity talent, cyber risk is a mounting concern for organizations across all industries. A survey of risk managers by consultancy Allianz identified cyber incidents as the top-ranked business risk globally (tied with b

IntroductionZero-day attacks are one of the most dangerous cybersecurity threats. This type of cyberattack targets software vulnerabilities previously unknown to software or antivirus vendors, exploiting those vulnerabilities before they can be mitigated. As a result, zero-day attacks enter a system without any defenses in place — giving administrators

Introduction: What is the Gramm-Leach-Bliley Act (GLBA)?Also called the Financial Modernization Act of 1999, GLBA governs the way in which financial institutions must prevent the disclosure of consumer nonpublic personal information (NPI). The regulation outlines its requirements in three rules:The Financial Privacy Rule (“Privacy Rule”): Requires info

IntroductionIn 2018, card-skimming malware targeting Magento-based online stores resulted in the infection of 7,339 e-commerce sites. Any customer entering card details into the site then had those cards exposed to fraudsters. According to Sophos, the malware homed in on vulnerabilities in Magento as well as using other tricks, including dormant accoun

IntroductionMoving into the second month of 2020, data privacy and security is still headline news. At the end of January, the United Nations called for additional investigations into the Jeff Bezos iPhone breach. Meanwhile, Cisco Systems fixed a vulnerability in its Webex application that enabled remote attackers to gain access to meetings. The first

Introduction: Why attend conferences? Conferences are a great way to gain information and knowledge about advances on cutting-edge technologies but are also opportunities to meet and connect with industry-foremost experts. Participants, in fact, can learn of innovative ideas and new solutions as well as share experiences of security challenges with lik

IntroductionAs IT professionals, we tend to focus on improving the security of devices, networks and other infrastructure. However, in a world where online abuse increasingly spills over into real-world harassment, a new perspective may be required. Perhaps it’s time we began approaching personal security the same way we would for a business: identifyi

Wireshark is a very useful tool for information security professionals and is thought of by many as the de facto standard in network packet and protocol analysis. It is a freeware tool that, once mastered, can provide valuable insight into your environment, allowing you to see what’s happening on your network.What follows is a basic walkthrough of some

IntroductionAffectionately referred to as the Obi-Wan of the cybersecurity world, this catch-all role within an organization really is a sort of information security hero. Organizations rely on cybersecurity experts when they need highly skilled assistance to solve multi-faceted challenges in information security (sometimes on a contract basis). This u

IntroductionWorms are a particularly virulent type of malware that has been around since the 1980s and wreaking havoc on infected systems ever since. Some believe that viruses and worms are the same thing, but this could not be less true: in fact, it is the differences between the two that make worms a unique, dangerous type of malware. This article wi

IntroductionHave you ever wanted to use your cybersecurity know-how and skills to help organizations improve their information security and stamp out vulnerabilities? If so, the role of penetration tester is for you. For those looking to obtain their first penetration tester role within an organization, do you know how to get to this role in the shorte