CIPP Vulnerability Finding – A Third-Party Risk Story

By Brandon Salem | March 17, 2025

Prior to proceeding with this article, it is important to highlight that the vulnerability is still not fixed at this time but the finding has been disclosed to the vendor and this article is now being published following the mutually agreed upon publish date. This is in understanding that the severity of this vulnerability was…

Read More

The Privileged Identity Crisis

By Brandon Salem | December 23, 2024

Introduction Various bodies and their standards, such as the Australian Signals Directorate’s (ASD) Information Security Manual and Center for Internet Security (CIS) Critical Security Controls explicitly recommend multiple accounts, to separate standard (i.e. web browsing) and privileged (i.e. system configuration) activities, as a preventative measure to limit the potential impact of unauthorized privileged access. However,…

Read More

Strengthening Your Defence Against Social Engineering: Beyond Traditional Email Security

By Brandon Salem | September 5, 2023

While an Email Security solution offers many protections against email-based social engineering attacks, it faces a very common issue, which can be presented as a simple question organisations and business can ask themselves when designing and/or reviewing their cybersecurity strategy: What happens when an Email Security solution is presented with a new sender, who sends…

Read More