Secplicity Blog

If you ask most security-conscious organizations about their priorities, the answers are usually familiar: endpoint detection and response, identity and access management, network segmentation, cloud security, vulnerability management, and more. On paper, many teams know exactly what strong security…

The cybersecurity landscape is shifting quickly. In Episode 361 of The443 Podcast, Marc Laliberte and Corey Nachreiner discuss three emerging issues shaping modern security: A critical authentication bypass in a popular JSON Web Token (JWT) library An autonomous AI bot exploiting GitHub repositories…

Three stories, one theme: control planes, supply chains, and human workflows remain high-leverage targets. This Secplicity blog follows the sequence and details covered by Marc Laliberte and Corey Nachreiner in The443 Podcast Episode 360. 1) Cisco Catalyst SD-WAN 0-Day (CVSS 10): What happened Cisco…

Let’s be honest: cybersecurity rules are not exactly thrilling. But if your company supports the U.S. Department of Defense (DoD), CMMC (Cybersecurity Maturity Model Certification) is becoming increasingly difficult to ignore. At its core, CMMC exists for one simple reason: to help ensure sensitive…

Introduction At the turn of the year, we were alerted to a doppelganger domain impersonating WatchGuard’s Mobile VPN with SSL, delivering a malicious spoofed client to steal credentials. Navigating directly to the doppelganger domain resulted in a benign informational WatchGuard VPN page. However…

A new ransomware operation known as Kyber has emerged. Their first and current only posted victim is L3Harris, a major defense contractor in the United States. The operators have provided a timer that ends around 6 PM EST on Sunday, October 19. The group claims to have stolen over 300 GB of data…