Blog

By Steve Gold, Posted in Security

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation Documenting Data Flows: Navigating the Maze of Cybersecurity with Pac-Man In the world of cybersecurity, documenting data flows is as essential as navigating through a complex maze. Much like Pac-Man, the beloved arcade game character who zips around collecting dots and avoiding ghosts, organizations must meticulously track and understand the pathways that their data takes. This process is encapsulated in C... read more.

• April 29, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/21 Modern Cybersecurity Strategies for Linux Servers (CyberArk) Organizations can effectively bridge the gap between traditional and modern infrastructures by adopting enhanced flexibility, strong authentication support and the ability to integrate with existing security tools. This holistic approach can strengthen security and support the continuous evolution of cybersecurity practices. https://www.cyberark.com/resources/blog/modern-cybersecurity-strategies-for-linux-servers What Is Data Gover... read more.

• April 25, 2025

By Bert Amodol, Posted in Security

When most individuals think about hacking, they often envision someone in a hoodie typing intensely in a dark room with green code streaming across the screen. Actual penetration testing is somewhat less cinematic; nevertheless, it remains an intriguing process that requires meticulous planning, extensive knowledge of cybersecurity and cybersecurity tools, and a strategic approach. In this post, we will provide insight into a real-world penetration test conducted for a mid-sized technology company. The det... read more.

• April 23, 2025

By Steve Gold, Posted in Security

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation Establishing and Maintaining a Data Classification Scheme: The "Sorting Hat" of Cybersecurity If you are a Harry Potter fan, you know the Sorting Hat plays a pivotal role in determining the future of young witches and wizards by categorizing them into one of the four Hogwarts houses: Gryffindor, Hufflepuff, Ravenclaw, or Slytherin. You probably also know which Hogwarts house you want to be in. This classifi... read more.

• April 22, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/14 Citrix and Unicon: Control the endpoint, control the experience (Citrix) When the acquisition was announced in January, we immediately saw the potential to create meaningful synergies. Citrix already leads in delivering virtual apps and desktops, zero trust access, and secure application delivery. By integrating Unicon’s secure endpoint OS and management capabilities, Citrix now offers end-to-end control across the entire technology stack. https://www.citrix.com/blogs/2025/04/09/citrix-... read more.

• April 18, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/7 The Expanding Attack Surface: How One Determined Attacker Thrives in Today’s Evolving Digital Workplace (Proofpoint) While email remains the primary threat vector, cybercriminals are exploiting new channels like messaging collaboration platforms, cloud apps and file-sharing services. This has created a fragmented security landscape with disconnected point products, resulting in higher operational costs, and increasing security gaps. https://www.proofpoint.com/us/blog/email-and-cloud-thre... read more.

• April 11, 2025

By Ken Phelan, Posted in Security

I spent some time with the CrowdStrike team last month going through their annual Global Threat Report. If you haven’t seen it, please do. This should be required reading for every cyber operator - https://go.crowdstrike.com/2025-global-threat-report.html 79 is the percentage of breaches that occurred without malware. Hence the much-used quote, “hackers don’t break in, they log in.” For years a quick explanation of cyber-attacks read as follows: Software has vulnerabilities. Ha... read more.

• April 10, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 3/31 What is a Data Poisoning Attack? (Snyk) Data poisoning is a sophisticated adversarial attack designed to manipulate the information used in training artificial intelligence (AI) models. By injecting deceptive or corrupt data, attackers can hurt model performance, introduce biases, or even create security vulnerabilities.  https://snyk.io/blog/what-is-a-data-poisoning-attack/ Microsoft to Start Enforcing New Outbound Email Limits (Proofpoint) Microsoft has consistently made it clear tha... read more.

• April 04, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 3/24 Lurking Threats in Post-Authentication Sessions (CyberArk) MFA is critical, but it’s not enough. Attackers are no longer breaking in; they’re logging in—by taking over valid sessions. Organizations need to rethink identity security beyond just authentication. https://www.cyberark.com/resources/blog/lurking-threats-in-post-authentication-sessions Inside a Scammer’s Toolbox: Common Tools, Tactics and Technologies (Bitdefender) Over the last decade, digitalization, soci... read more.

• March 28, 2025

By Ed Bratter, Posted in Infrastructure

One benefit to Microsoft 365 is the ability to share data and collaborate with partners, customers, vendors and users who are external to your tenant. This benefit, however, can be a scary endeavor as information can be inadvertently exposed to outside entities. Couple this with the fact that tenants by default allow users to share data with outside individuals. Equally concerning is that configuring external collaboration can be complicated because there are multiple options available and there are many ad... read more.

• March 27, 2025