by James Cavenaugh | May 22, 2026 | Compliance & Risk
In July 2023, the SEC adopted final rules on cybersecurity disclosure that took effect in December of that year. Public companies now have to disclose material cybersecurity incidents on Form 8-K within four business days of determining that the incident is material....
by James Cavenaugh | May 20, 2026 | Endpoint & Network Security
The 2022 Uber breach that I’ve mentioned in other posts is usually talked about as an MFA story. It’s also an endpoint story. The attacker didn’t compromise an Uber-managed laptop. He compromised a contractor’s personal device. The password...
by James Cavenaugh | May 18, 2026 | Endpoint & Network Security
In October 2023, Citrix published a patch for a vulnerability in their NetScaler product. The flaw, eventually nicknamed Citrix Bleed, let attackers bypass authentication on systems that hadn’t been updated. Organizations that were running NetScaler had about a...
by James Cavenaugh | May 15, 2026 | Email Security
The FBI issued a public service announcement a couple of years ago warning about QR code phishing, and the volume has climbed every quarter since. Vendor research from Proofpoint, Barracuda, and others shows QR-based phishing, which the industry has started calling...
by James Cavenaugh | May 13, 2026 | Identity & Access Security
In September 2022, Uber got breached. An 18-year-old attacker bought a contractor’s password on the dark web for a few dollars. The contractor had MFA enabled. Uber’s MFA required pushing “approve” on a mobile app. The attacker couldn’t...