Blog

By Steve Gold, Posted in Security

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation Jurassic Park and the Forgotten Gatekeepers: Why You Need an Inventory of Authentication and Authorization Systems In Jurassic Park, the park’s downfall wasn’t just the dinosaurs, it was the lack of control over who had access to what. Dennis Nedry, the disgruntled systems engineer, had unchecked access to critical systems. When he disabled security to steal embryos, no one knew how to stop him... read more.

• September 24, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 9/15 npm Supply Chain Attack via Open Source maintainer compromise (Snyk) The open source developer fell victim to a phishing email that allowed an attacker to gain access to their npm account. This enabled the attacker to inject malicious code into many highly popular npm packages, creating a supply chain attack. https://snyk.io/blog/npm-supply-chain-attack-via-open-source-maintainer-compromise/ The 2025 Cybersecurity Hall of Shame: 10 Mistakes People Still Make Many cybersecurity mistakes cont... read more.

• September 19, 2025

By Bert Amodol, Posted in Security

Many cybersecurity mistakes continue to be observed in 2025 despite the availability of advanced security tools and ongoing awareness efforts. These errors range from simple oversights to choices made for convenience, each potentially increasing the likelihood of security incidents. Below is an overview of ten common cybersecurity mistakes that still persist. Using Weak Or Default Passwords In 2025, some individuals continue to use weak passwords or leave default credentials unchanged. Weak or default pa... read more.

• September 15, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 9/8 What Is a Hybrid Mesh Firewall and Why It Matters (Palo Alto Networks) A hardware-only approach leaves gaps at the edge, while cloud-only firewalls can’t provide consistent protection across on-premises infrastructure. The result is operational complexity with blind spots and an expanding attack surface. https://www.paloaltonetworks.com/blog/2025/08/hybrid-mesh-firewall-and-why-it-matters/ Cybersecurity Stop of the Month: BEC Attacks Targeting Government Agencies (Proofpoint) What make... read more.

• September 12, 2025

By Eric Corcoran, Posted in Technology Week in Review

Tuesday 9/4 What Is a Hybrid Mesh Firewall and Why It Matters (Palo Alto Networks) A hardware-only approach leaves gaps at the edge, while cloud-only firewalls can’t provide consistent protection across on-premises infrastructure. The result is operational complexity with blind spots and an expanding attack surface. https://www.paloaltonetworks.com/blog/2025/08/hybrid-mesh-firewall-and-why-it-matters/ Cybersecurity Stop of the Month: BEC Attacks Targeting Government Agencies (Proofpoint) What mak... read more.

• September 05, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/25 The Value of IR Planning and Incident Readiness (Arctic Wolf) Whether dealing with ransomware, business email compromise (BEC), or other cyber threats, IR planning is vital to a strong IR process, as it can shorten response and remediation time, help identify and prepare key stakeholders, streamline when and how to initiate complex processes like digital forensics, and support business continuity and executive management. https://arcticwolf.com/resources/blog/the-value-of-ir-planning-and-inci... read more.

• August 29, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/18 Speed kills: AI coding tools revive old-school hacks (ReversingLabs) The adoption of AI coding tools has exploded in recent years with their promise of speeding development and automating time-consuming manual tasks such as code audits. But the tools bypass a wide range of accepted security standards — and introduce serious risks for development teams, the researchers warned.  https://www.reversinglabs.com/blog/ai-coding-tools-old-school-hacks DataOps: Optimizing the Data Experien... read more.

• August 22, 2025

By Steve Gold, Posted in Security

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation CIS Safeguard 5.6: Centralize Account Management In Thor: Ragnarok, there’s a memorable and comical scene where Thor is trying to escape Sakaar aboard a QuinJet. Thor starts the QuinJet with the panel green. QUINJET (V.O.): Voice verification required. THOR: Thor. QUINJET (V.O.): Access denied. THOR: Thor, son of Odin. QUINJET (V.O.): Access denied. THOR: God of Thunder. QUINJET (V.O.): Ac... read more.

• August 19, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/11 From Cloud to Hybrid: 360° Runtime Protection, Anywhere You Run (Wiz) Securing hybrid infrastructure requires more than just extending existing tools. It demands a new approach that connects workload insights with broader infrastructure context, all in real-time. https://www.wiz.io/blog/from-cloud-to-hybrid-360deg-runtime-protection-anywhere-you-run How to Prevent Helpdesk Social Engineering Attacks (HYPR) Helpdesks are critical support hubs, but their central role makes them prime targ... read more.

• August 15, 2025

By Steve Gold, Posted in Security

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation Mission: Impossible and the Mystery of Service Accounts — Why You Need an Inventory In Mission: Impossible, Ethan Hunt and his team rely on stealth, precision, and insider knowledge to infiltrate secure systems and extract sensitive data. But imagine if the IMF (Impossible Mission Force) didn’t know who had access to what. Chaos, right? That’s exactly what happens in many organizations wh... read more.

• August 13, 2025