What is the Log4Shell Bug and, What Does it Mean for My Business?

log4shell bug featured

The recent uncovering of the Log4Shell bug, tied to the ubiquitous log4j module, has swept through private and public organizations reliant on IT logging technology. A relatively simple bug, the implications of its widespread use means that remediation will be a long, complex endeavor. While the potential millions of implementations wait for updates, however, the complex infrastructure of national IT is vulnerable to attack. 

Read more about this bug and its potential threat to organizations across the world. 

 

Read More

What is Sandbox Security and How Is it Shaping Web Security?

sandbox featured

For decades, the golden rule for web security was simple: don’t download and execute files on your computer. Ignore attachments from unknown sources, refrain from opening PDFs or Word documents with macros, and avoid getting software from any source other than the creator. Firefox is taking the next step by creating new sandboxing technology that could have a big impact on securing user workstations. 

But times change, and now even websites can infect your computer with malware or separate you from your personal account information. This threat has become a problem that browsers like Firefox are now implementing security measures to protect users against these threats. 

Needless to say, malicious software is always a threat to businesses large and small. Because of this fact, secure browsers utilizing technologies like sandbox security may become a critical part of low-level compliance for the foreseeable future.

 

Read More

What Are FIPS 199 and FIPS 200 and, How Are They Related?

fips featured

There are several compliance standards for federal and defense cybersecurity. CMMC, FedRAMP, the Cybersecurity Framework (CSF) and the Risk Management Framework (RMF) all serve critical functions in protecting government IT systems and associated vendor products and services.

Behind all of these frameworks are crucial security publications, each one serving a particular purpose in defining the practices, controls and procedures that organizations can use to meet their compliance demands. We’ve previously covered such documents as NIST 800-53 and NIST 800-171, showing how these documents play a role in national cyber defense.

In this article, we’ll discuss two more guidelines: Federal Information Processing Standard (FIPS) 199 and FIPS 200.

 

Read More