Aembit Announces Speaker Lineup for the Inaugural NHIcon
Silver Spring, United States / Maryland, 15th January 2025, CyberNewsWire
The post Aembit Announces Speaker Lineup for the Inaugural NHIcon appeared first on Security Boulevard.
Tel Aviv, Israel, 15th January 2025, CyberNewsWire
The post Sweet Security Introduces Patent-Pending LLM-Powered Detection Engine, Reducing Cloud Detection Noise to 0.04% appeared first on Security Boulevard.
Sweet Security today added a cloud detection engine to its cybersecurity portfolio that makes use of a large language model (LLM) to identify potential threats in real-time.
The post Sweet Security Leverages LLM to Improve Cloud Security appeared first on Security Boulevard.
Zero trust as a concept is simple to grasp. Implementing a zero trust architecture, on the other hand, is complex because it involves addressing a unique mix of process, procedure, technology and user education. Here are some considerations to keep in mind as you begin your journey.
Draft guidance on implementing a zero trust architecture, released by the National Institute of Standards and Technology (NIST) on Dec. 4, 2024, gives government agencies and private sector organizations a solid blueprint to follow. There are a number of additional considerations to keep in mind as you begin your journey.
First and foremost, zero trust is an alternative way of thinking about information security that treats trust as a vulnerability. It removes trust entirely from digital systems and is built upon the idea that security must become ubiquitous throughout the infrastructure. The concepts of zero trust are simple:
A zero trust architecture can be implemented using commercial off-the-shelf technology. It's built upon current cybersecurity best practices and dovetails with a robust exposure management program. In fact, exposure management and zero trust go hand-in-hand.
5 things to keep in mind about zero trust
Here are five considerations as you begin your zero trust journey:
Zero trust as a concept is simple to grasp. What makes zero trust complex to implement are the same factors that make any cybersecurity strategy complex: the unique mix of processes, procedures and technology found in your IT infrastructure, as well as the need for significant user education. It's best to start small and roll out from there, rather than trying to boil the ocean.
For cybersecurity leaders in government agencies, preparing for a zero trust architecture is less an exercise in evaluating technologies and more an exercise in strategic thinking, requiring you to answer fundamental questions such as:
Answering these questions requires full visibility and continuous monitoring of your entire attack surface, including IT, internet of things (IoT) and operational technology (OT) assets, and the ability to assess the criticality of each asset to deliver on your organization's core mission. No zero trust journey can begin without first addressing these fundamentals of exposure management.
How zero trust and exposure management go hand-in-hand
Exposure management transcends the limitations of siloed security programs. Built on the foundations of risk-based vulnerability management, exposure management takes a broader view across your modern attack surface, applying both technical and business context to more precisely identify and more accurately communicate cyber risk, enabling better business outcomes.
An exposure management program combines technologies such as vulnerability management, web application security, cloud security, identity security, attack path analysis and patch management to help an organization understand the full breadth and depth of its exposures and take the actions needed to reduce them through remediation and incident response workflows. Exposure management gives security teams a full, dynamic and accurate picture of the attack surface at any point in time, aiding in the implementation of zero trust policies and architecture.
Learn more
The post 5 Things Government Agencies Need to Know About Zero Trust appeared first on Security Boulevard.
Discover how Grip complements TPRM platforms by uncovering shadow SaaS, enhancing identity security, and addressing risks traditional TPRM methods miss.
The post Grip vs. TPRM | Amplify your TPRM Strategy appeared first on Security Boulevard.
The rapid increase in cyberattacks is putting greater pressure on Cyber Resilience and IT Infrastructure teams to ensure the reliability, integrity, and availability of their systems.
The post The CISOs Guide to Cyber Recovery appeared first on Continuity™.
The post The CISOs Guide to Cyber Recovery appeared first on Security Boulevard.
Prague, Czech republic, 15th January 2025, CyberNewsWire
The post Wultra Secures €3M to Protect Financial Institutions from Quantum Threats appeared first on Security Boulevard.
As 2024 drew to a close, Google caught global attention with the announcement of its latest quantum computing chip, Willow. Many believe that with Willow, Google has set a new benchmark for 2025, unveiling the extraordinary potential of quantum computing and what the quantum future could look like in the days ahead. If you think […]
The post Google’s Willow Chip: Another Push to Start Your Post-Quantum Cryptography (PQC) Preparation Now appeared first on Security Boulevard.
The cybersecurity landscape is entering an unprecedented era of complexity, with AI-driven threats, geopolitical tensions, and supply chain vulnerabilities reshaping how organizations approach digital security. This analysis explores key trends and strategic imperatives for 2025 and beyond.
The post The Future of Cybersecurity: Global Outlook 2025 and Beyond appeared first on Security Boulevard.
The post Patch Tuesday Update - January 2024 appeared first on Digital Defense.
The post Patch Tuesday Update – January 2024 appeared first on Security Boulevard.
Attacks on individual applications were down month to month in December 2024, but one of the most dangerous types of attacks was up significantly. That’s according to data Contrast Security publishes monthly about the detection and response of real-world application and application programming interface (API) attacks with Application Detection and Response (ADR). What you’re about to see is data that we gather from the attacks on our apps and those of our customers, anonymized and averaged.
The post Unsafe Deserialization Attacks Surge | December Attack Data | Contrast Security appeared first on Security Boulevard.
Find out why unknown build assets are a growing problem and how Legit can help.
The post How to Prevent Risk From Unknown Build Assets appeared first on Security Boulevard.
Fortinet patched an authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024.
Background
On January 14, Fortinet released a security advisory (FG-IR-24-535) addressing a critical severity vulnerability impacting FortiOS and FortiProxy.
CVE | Description | CVSSv3
CVE-2024-55591 | FortiOS and FortiProxy Authentication Bypass Vulnerability | 9.6

Analysis
CVE-2024-55591 is an authentication bypass vulnerability in FortiOS and FortiProxy. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request to a Node.js websocket module. Successful exploitation may grant an attacker super-admin privileges on a vulnerable device. According to the Fortinet advisory, this vulnerability has been exploited in the wild.
Zero Day Campaign May Have Been Active Since November
Researchers at Arctic Wolf published a blog post on January 10 detailing a campaign of suspicious activity, first observed in mid-November 2024, related to the exploitation of a zero-day vulnerability that is presumed to be CVE-2024-55591. Arctic Wolf Labs details four distinct phases of the campaign observed against Fortinet FortiGate firewall devices: scanning, reconnaissance, SSL VPN configuration and lateral movement. For more information on the observations of this campaign, we recommend reviewing the Arctic Wolf blog post.
At the time this blog was published, the Fortinet advisory did not credit Arctic Wolf with the discovery of CVE-2024-55591. However, the indicators of compromise (IoCs) listed in the Fortinet advisory overlap with the report from Arctic Wolf.
Historical exploitation of Fortinet FortiOS and FortiProxy
Fortinet FortiOS and FortiProxy have been targeted by threat actors previously, including targeting by advanced persistent threat (APT) actors. We’ve written about several noteworthy Fortinet flaws since 2019, including flaws impacting SSL VPNs from Fortinet and other vendors:
CVE | Description | Patched | Tenable Blog
CVE-2024-21762 | Fortinet FortiOS Out-of-bound Write Vulnerability in sslvpnd | February 2024 | CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability
CVE-2023-27997 | FortiOS and FortiProxy Heap-Based Buffer Overflow Vulnerability | June 2023 | CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)
CVE-2022-42475 | FortiOS and FortiProxy Heap-Based Buffer Overflow Vulnerability | December 2022 | CVE-2022-42475: Fortinet Patches Zero Day in FortiOS SSL VPNs; AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
CVE-2022-40684 | FortiOS and FortiProxy Authentication Bypass Vulnerability | October 2022 | CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy
CVE-2020-12812 | FortiOS Improper Authentication Vulnerability | July 2020 | CVE-2018-13379, CVE-2019-5591, CVE-2020-12812: Fortinet Vulnerabilities Targeted by APT Actors
CVE-2019-5591 | FortiOS Default Configuration Vulnerability | July 2019 | CVE-2018-13379, CVE-2019-5591, CVE-2020-12812: Fortinet Vulnerabilities Targeted by APT Actors
CVE-2018-13379 | FortiOS Path Traversal/Arbitrary File Read Vulnerability | August 2019 | CVE-2018-13379, CVE-2019-11510: FortiGate and Pulse Connect Secure Vulnerabilities Exploited In the Wild

Proof of concept
At the time this blog post was published, there were no public proof-of-concept exploits for CVE-2024-55591.
Solution
Fortinet published its security advisory (FG-IR-24-535) on January 14 to address this vulnerability. The advisory also contains IoCs and workaround steps that can be utilized if immediate patching is not feasible. Fortinet has released the following patches for FortiOS and FortiProxy.
Affected Product | Affected Version | Fixed Version
FortiOS 7.0 | 7.0.0 through 7.0.16 | Upgrade to 7.0.17 or above
FortiProxy 7.0 | 7.0.0 through 7.0.19 | Upgrade to 7.0.20 or above
FortiProxy 7.2 | 7.2.0 through 7.2.12 | Upgrade to 7.2.13 or above

Fortinet also released several additional security advisories on January 14 for vulnerabilities affecting FortiOS and FortiProxy:
Affected Product(s) | Vulnerability Description | Security Advisory | CVSSv3/Severity
FortiOS, FortiProxy, FortiMail, FortiSwitch, FortiVoiceEnterprise, FortiNDR, FortiWLC, FortiADC, FortiAuthenticator, FortiRecorder, FortiDDoS-F, FortiDDoS, FortiSOAR and FortiTester | An externally controlled reference to a resource may allow an unauthenticated attacker to poison web caches between an affected device and an attacker using crafted HTTP requests. | FG-IR-23-494 | 4.1 / Medium
FortiAnalyzer, FortiAnalyzer Cloud, FortiAuthenticator, FortiManager, FortiManager Cloud, FortiOS, FortiProxy, FortiSASE | An unauthenticated attacker with access to the Security Fabric protocol may be able to brute force an affected product to bypass authentication. | FG-IR-24-221 | 8.0 / High
FortiOS | An authenticated, remote attacker may be able to prevent access to the GUI using specially crafted requests, causing a denial of service (DoS) condition. | FG-IR-24-250 | 4.8 / Medium
FortiOS | An authenticated attacker may be able to cause a DoS condition due to a NULL pointer dereference vulnerability in the SSLVPN web portal. | FG-IR-23-473 | 6.2 / Medium
FortiManager, FortiOS, FortiProxy, FortiRecorder, FortiSASE, FortiVoice and FortiWeb | A path traversal vulnerability may be exploited by a remote attacker with access to the security fabric interface, allowing the attacker to access and modify arbitrary files. | FG-IR-24-259 | 7.1 / High
FortiOS | An unauthenticated attacker may be able to exploit an out-of-bounds write vulnerability to cause a DoS condition. | FG-IR-24-373 | 3.5 / Low
FortiOS | An unauthenticated attacker may be able to exploit an out-of-bounds read vulnerability to cause a DoS condition. | FG-IR-24-266 | 7.5 / High
FortiOS | An authenticated attacker with low privileges may be able to cause a DoS condition due to two NULL pointer dereference vulnerabilities. | FG-IR-23-293 | 6.4 / Medium
FortiOS | An unauthenticated attacker may be able to exploit a resource allocation vulnerability to cause a DoS condition using multiple large file uploads. | FG-IR-24-219 | 7.1 / High
FortiOS | An authenticated attacker may be able to exploit an integer overflow vulnerability to cause a DoS condition. | FG-IR-24-267 | 3.2 / Low
FortiOS | An authenticated attacker may be able to exploit an improper access control vulnerability. | FG-IR-23-407 | 4.7 / Medium
FortiOS, FortiProxy and FortiSASE | An unauthenticated attacker may be able to exploit an HTTP response splitting vulnerability in FortiOS, FortiProxy and FortiSASE. | FG-IR-24-282 | 6.4 / Medium
FortiOS | An unauthenticated attacker may be able to exploit a man-in-the-middle vulnerability to intercept sensitive information. | FG-IR-24-326 | 3.5 / Low

Identifying affected systems
A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-55591 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.
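A common way to misjudge exposure to an advisory like FG-IR-24-535 is to compare firmware versions as strings, which puts 7.0.9 after 7.0.16. The script below is an added example, not code from Tenable or Fortinet: it encodes the affected and fixed ranges from the FG-IR-24-535 table reproduced above, compares versions numerically, and sorts a constructed sample inventory into vulnerable, fixed and not-listed groups. The hostnames and versions in the inventory are invented sample data, and the only branches it can classify are the three the advisory table names.

```python
"""Check FortiOS / FortiProxy versions against the CVE-2024-55591 (FG-IR-24-535) table.

Added example. The affected/fixed ranges are copied from the advisory table
reproduced in the post; the inventory at the bottom is constructed sample data.
"""
from __future__ import annotations

# (product, major.minor branch) -> (first affected, last affected, first fixed)
# Copied from the FG-IR-24-535 table as reproduced in the post.
AFFECTED = {
    ("FortiOS", "7.0"):    ("7.0.0", "7.0.16", "7.0.17"),
    ("FortiProxy", "7.0"): ("7.0.0", "7.0.19", "7.0.20"),
    ("FortiProxy", "7.2"): ("7.2.0", "7.2.12", "7.2.13"),
}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '7.0.16' into (7, 0, 16) so versions compare numerically.

    A plain string compare sorts '7.0.9' after '7.0.16', which is exactly the
    mistake that makes a vulnerable device look patched (or the reverse).
    """
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(int(p) for p in parts)


def assess(product: str, version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'not listed' for one product/version pair.

    'not listed' means this table says nothing about the branch (for example a
    FortiOS 7.4 build); it is not a clean bill of health, so check the advisory.
    """
    v = parse_version(version)
    branch = f"{v[0]}.{v[1]}"
    rng = AFFECTED.get((product, branch))
    if rng is None:
        return "not listed"
    first, last, fixed = (parse_version(x) for x in rng)
    if first <= v <= last:
        return "vulnerable"
    if v >= fixed:
        return "fixed"
    return "not listed"


# Constructed sample inventory (hostname, product, running version); not real devices.
SAMPLE_INVENTORY = """\
fw-edge-01,FortiOS,7.0.12
fw-edge-02,FortiOS,7.0.17
proxy-dc-01,FortiProxy,7.2.12
proxy-dc-02,FortiProxy,7.0.20
fw-lab-01,FortiOS,7.4.3
"""


def triage(inventory_csv: str) -> dict[str, list[str]]:
    """Group hostnames by assessment so vulnerable devices can be patched first."""
    groups: dict[str, list[str]] = {"vulnerable": [], "fixed": [], "not listed": []}
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, product, version = (field.strip() for field in line.split(","))
        groups[assess(product, version)].append(host)
    return groups


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Treat "not listed" as a prompt to read the advisory rather than as "safe": the post's table only covers the three branches above, and a device on any other branch needs to be checked against the full FG-IR-24-535 text. Devices that come back "vulnerable" should also be reviewed against the IoCs the advisory and the Arctic Wolf report publish, since the flaw was exploited before the patch existed.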
Additionally, customers can utilize Tenable Attack Surface Management to identify public facing Fortinet assets:
Get more information
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild appeared first on Security Boulevard.
Authors/Presenters: Emma Stewart
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content, originating from the conference’s events located at the Las Vegas Convention Center and published via the organization’s YouTube channel.
The post DEF CON 32 – Pick Your Poison: Navigating A Secure Clean Energy Transition appeared first on Security Boulevard.
Symmetry customer case study: Leading Fintech Accelerates PCI DSS 4.0 Compliance with Symmetry Systems. About: Industry: Fintech. Size: 1K – 3K employees...
The post Leading Fintech Accelerates PCI DSS 4.0 Compliance with Symmetry Systems appeared first on Symmetry Systems.
The post Leading Fintech Accelerates PCI DSS 4.0 Compliance with Symmetry Systems appeared first on Security Boulevard.
Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available.
Microsoft patched 157 CVEs in its January 2025 Patch Tuesday release, with 10 rated critical and 147 rated as important. Our counts omitted two vulnerabilities, one reported by GitHub and another reported by CERT/CC. To date, the January 2025 Patch Tuesday release is the largest ever from Microsoft.
This month’s update includes patches for:
Remote code execution (RCE) vulnerabilities accounted for 36.9% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 25.5%.
Important CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities
CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335 are EoP vulnerabilities in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP). All three vulnerabilities were assigned a CVSSv3 score of 7.8 and rated important. An authenticated, local attacker could exploit these vulnerabilities to elevate privileges to SYSTEM. Two of the three vulnerabilities were unattributed, with CVE-2025-21333 being attributed to an Anonymous researcher.
According to Microsoft all three vulnerabilities were exploited in the wild as zero-days. No specific details about the in-the-wild exploitation were public at the time this blog post was released.
Important CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21186, CVE-2025-21366 and CVE-2025-21395 are RCE vulnerabilities in Microsoft Access, a database management system. All three vulnerabilities were assigned a CVSSv3 score of 7.8 and rated important. A remote, unauthenticated attacker could exploit these vulnerabilities by convincing a target through social engineering to download and open a malicious file. Successful exploitation would grant an attacker arbitrary code execution privileges on the vulnerable system. This update “blocks potentially malicious extensions from being sent in an email.”
According to Microsoft, these three vulnerabilities were publicly disclosed prior to a patch being available (zero-days). They are attributed to Unpatched.ai, which uses artificial intelligence (AI) to “help find and analyze” vulnerabilities.
Important CVE-2025-21308 | Windows Themes Spoofing Vulnerability
CVE-2025-21308 is a spoofing vulnerability affecting Windows Themes. This vulnerability received a CVSSv3 score of 6.5 and was publicly disclosed prior to a patch being made available. According to Microsoft, successful exploitation requires an attacker to convince a user to load a malicious file, then convince the user to “manipulate the specially crafted file.” Microsoft has provided a list of mitigations including disabling New Technology LAN Manager (NTLM) or using group policy to block NTLM hashes. For more information on the mitigation guidance, please refer to the Microsoft advisory.
Important CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability
CVE-2025-21275 is an EoP vulnerability in the Microsoft Windows App Package Installer. It was assigned a CVSSv3 score of 7.8 and is rated important. A local, authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges. These types of flaws are often associated with post-compromise activity, after an attacker has breached a system through other means.
According to Microsoft, this vulnerability was publicly disclosed prior to a patch being available. It is attributed to an Anonymous researcher.
Critical CVE-2025-21297, CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21297 and CVE-2025-21309 are critical RCE vulnerabilities affecting Windows Remote Desktop Services. Both of these vulnerabilities were assigned CVSSv3 scores of 8.1; however, CVE-2025-21309 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index, while CVE-2025-21297 was assessed as “Exploitation Less Likely.”
According to Microsoft, successful exploitation of these flaws requires an attacker to connect to a system with the Remote Desktop Gateway role and trigger a race-condition that creates a use-after-free scenario which can be leveraged to execute arbitrary code.
Critical CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability
CVE-2025-21298 is an RCE vulnerability in Microsoft Windows Object Linking and Embedding (OLE). It was assigned a CVSSv3 score of 9.8 and is rated critical. It has been assessed as “Exploitation More Likely.” An attacker could exploit this vulnerability by sending a specially crafted email to a target. Successful exploitation would lead to remote code execution on the target system if the target opens this email using a vulnerable version of Microsoft Outlook or if their software is able to preview the email through a preview pane.
Microsoft’s advisory for this vulnerability recommends configuring Microsoft Outlook to read email messages “in plain text format” instead of a rich format that will display other types of content, such as photos, animations or specialized fonts. To configure Outlook in this way, please refer to the following article, Read email messages in plain text.
Tenable Solutions
A list of all the plugins released for Microsoft’s January 2025 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.
For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.
Get more information
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335) appeared first on Security Boulevard.
As we stand on the threshold of 2025, the cybersecurity landscape is undergoing a dramatic transformation, largely driven by artificial intelligence and emerging threat vectors. Drawing from Nuspire’s recent cybersecurity outlook webinar, let’s explore the key trends and challenges that organizations will face in the coming year.
Looking Back to Move Forward
Before diving into 2025 predictions, it’s worth noting ...
The post The AI Revolution: Navigating Cybersecurity Challenges in 2025 appeared first on Nuspire.
The post The AI Revolution: Navigating Cybersecurity Challenges in 2025 appeared first on Security Boulevard.
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Trimix’ appeared first on Security Boulevard.
The post Sanitizing Unstructured Data In Motion—and Why It’s Important appeared first on Votiro.
The post Sanitizing Unstructured Data In Motion—and Why It’s Important appeared first on Security Boulevard.
Around the year 1900, an author (Rudyard Kipling) wrote a poem called “The Elephant’s Child.” In it, he writes: “I keep six honest serving men They taught me all I knew Their names are What and Why and When And How and Where and Who.” Little did Kipling know that these six friends would someday […]
The post Six Friends Every Security Team Needs appeared first on Security Boulevard.