Recent Posts

Hack the Planet? No. Just Hack the Tap: What exposed water systems tell us about the state of cybersecurity around the world

Final thought About the Author: Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions. She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.

Board Member Spotlight: Adj. Prof. Dr. Greg Dzsinich, LLM, CIPP/E

One idea that continues to guide his leadership comes from his time at Microsoft. When he joined the company in 2008, he was struck by a powerful metaphor. If we sit in one boat, we must not only row well. We must also remain in 

“What happens to Heroes?” EPISODE #6: The Unsung Heroes of the digital world by Didier Annet

Are cyberattacks stronger than cybersecurity? “No, stronger it is not. Quicker, easier, more seductive.”

The Psychological Impacts of Cyberattacks

This is the sixth episode of a story related to individuals who, in a matter of moments, transition from “employees” to “rescuers” in the immediate aftermath of a destructive cyberattack.

What I will call the “Heroes”

Let’s Rewrite the Story of a Cyberattack – Alternate History of a winning scenario

“The fact is, you have to do things for the current, but also the after. You must pay attention to people’s sensibilities. Even if we’re in a period of crisis, we mustn’t just have financial objectives, catering objectives or customer recovery objectives. We have to think about the well-being of our teams, to keep as many staff as possible. There’s no point in getting the business back on its feet if everyone leaves.”

Excerpt From the Interview

My book is dedicated to encouraging companies to consider the human aspect in the context of cyber-attacks. But coaching has only been part of my professional practice for the past 4 years. For over 25 years now, my career has been centered on helping customers strengthen their data resilience. This scenario is freely inspired by one of my corporate clients …

In this episode, I will fictionalize a cyberattack, but by using what I call a winning scenario. A winning scenario is when a company considers security a strategic priority. No discussion: security is part of daily normality.

Typical identification factor: “Right reflexes, right roles — from click to crisis”

Once upon a time, there was a company that had security in its DNA. Cyberattacks are one of the problems of the modern world, and preparing for this eventuality is a necessity. It also knows that the best is the enemy of the good, and that security requires more discipline than expertise.

This situation is beneficial for the company, which recognizes the crucial role of IT security and allocates the necessary resources to develop a robust cyber resilience strategy. This strategy is based on risk analysis. The company has developed clear and achievable security policies that balance business requirements and available resources. IT and IT security departments have sufficient resources, expertise, and equipment to detect risks, develop effective countermeasures, and prevent systems from becoming obsolete. All staff members receive customized cybersecurity training based on their job responsibilities. This training is based on a positive approach. This enables them to respond effectively to potential attacks through regular simulations. They also take a proactive and self-critical approach to assessing their own skills and processes. All levels of management participate in cyber crisis management workshops, with annual reviews and updates of the crisis plan.

This corporate vision will significantly reduce the risk of internal cyberattacks. Although no system is completely risk-free, a consistent and well-structured approach helps to reduce employee stress and anxiety, thereby promoting a positive and productive work environment. This further reduces employees’ motivation to harm the company.

In the event of an attack, it will likely be detected quickly thanks to the constant vigilance of the teams and the proactive approach of everyone involved. Well-established and consistently followed incident management protocols ensure rapid decision-making. System protection will always be the top priority. Effective crisis management, combined with a clear understanding of everyone’s responsibilities, ensures smooth and efficient internal and external communication. Even if the impact is more serious, the robust response and containment processes of a high-performing company will be triggered. After being quarantined and thoroughly examined by the emergency response team, an assessment of the environment and its readiness for production resumption is initiated, in accordance with rigorous procedures.

In the event of an emergency, a stand-alone backup version can be quickly implemented. This standard practice ensures that the process is carried out efficiently and meticulously. With detailed instructions on business operations, software applications, and their interconnections, restoration efforts will be thorough and organized.

These comprehensive measures, which include thorough planning and proactive testing, ensure a smooth resumption of business. In addition, by keeping customers and suppliers informed during this period, everyone involved can make prudent decisions.

In this case, no one is designated as a hero. Rather, cyberattack management is a top priority, deeply embedded in a culture of risk management and individual autonomy. As a result, a cyberattack is viewed as a manageable event rather than a crisis.

In this scenario, no individual is designated as a hero. Managing cyberattacks is a priority, rooted in a culture of risk-aware management and individual autonomy, making a cyberattack a manageable incident rather than a crisis.

This is a Hero-less narrative.

No Hero, no fall of the Heroes!

THINGS TO REMEMBER

In cybersecurity, it’s not if you’ll get breached — it’s when. So isolate, authenticate, replicate… and don’t forget: your backup is only as good as your last restore test.


About the Author

Didier Annet is an Operational & Data Resilience Specialist and a Certified Professional Coach dedicated to empowering individuals and teams to navigate the complexities of an ever-changing digital landscape.

Find him on LinkedIn: Didier Annet

Learn more in his book:
📖 Guide de survie aux cyberattaques en entreprise et à leurs conséquences psychologiques: Que fait-on des Héros ? (French Edition) – Available on Amazon

English version:
“Survival Guide – The Human Impact of Cyberattacks and the Untold Story of Those Who Respond”
“What Happens to Heroes?”
Available on Amazon

Cyber (In)Securities – Issue 152 – Snapshot Edition


CyAN Mentorship Wrap-Up – 2025-1

CyAN is nearing the end of its spring 2025 mentorship programme. We extend a sincere thank you to our members who have agreed to contribute to the development of new talent entering the information security sector: Saba Bahgeri (Australia), Mohammed Shakil Khan (UAE), Mathew Nicho 

Week 22 – High severity vulnerability affects Versa Concerto

26 May – 01 June 2025

Our new CVE of the Week is a high-severity vulnerability, CVE-2025-34027, which has been identified and is making waves across the cybersecurity landscape.

It affects Versa Concerto, an orchestrator and interface to configure and monitor Versa OS devices in Secure SD-WAN and secure access service edge (SASE) deployments. The flaw affects widely used software and poses a serious risk of remote code execution (RCE) without authentication – making it a top priority.

It has the highest possible CVSS score of 10.

This vulnerability allows threat actors to exploit exposed systems over the network, potentially gaining full control. The attack surface is broad, and proof-of-concept (PoC) exploits are already circulating.

  • Affected systems are commonly used in enterprise environments.
  • Exploits are trivial to deploy once a target is found.
  • The impact can range from data theft to full infrastructure compromise.

  • Patch immediately if you are running affected versions: Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
  • Scan your network for vulnerable endpoints.
  • Monitor logs and traffic for signs of exploitation.

This is a wake-up call to stay vigilant, keep systems updated, and prioritize proactive vulnerability management. CVE-2025-34027 is not just another CVE — it’s a critical risk that requires immediate attention.

Let’s not wait for headlines. Secure your systems today!

You can find more information and details on the subject at the link below:
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce


White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.

Cyber (In)Securities – Issue 151 – Snapshot Edition


New Podcast – Return of the Bride of Terrorism, With Bjørn Ihler

Part III in our series on violent extremism and terrorism

Week 21 – Multiple high-severity vulnerabilities in VMware Cloud Foundation

19 – 15 May 2025

Multiple high-severity vulnerabilities were responsibly disclosed in VCF by Gustavo Bonito of the NATO Cyber Security Centre. From among these, our #CVEOfTheWeek is CVE-2025-41229. This is a Directory Traversal vulnerability, which might allow a malicious actor with network access to port 443 to exploit directory traversal, potentially leading to access to restricted internal services.

VMware Cloud Foundation (VCF) is an integrated software platform developed by VMware that provides a complete solution for managing and operating a hybrid cloud infrastructure. It combines VMware’s compute, storage, networking, and cloud management services into a single automated platform.

VMware has stressed that there are no available workarounds for these vulnerabilities, making patching the sole effective method of mitigation.

Administrators using VMware Cloud Foundation 5.x are strongly advised to upgrade immediately to version 5.2.1.2.
For organizations running VMware Cloud Foundation 4.5.x, the recommended course of action is to follow the instructions outlined in knowledge base article KB398008.
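
An added example, not part of the original posts: a small Python triage that applies the version guidance from the Versa Concerto and VMware Cloud Foundation advisories above to an asset inventory. The inventory, host names and product keys are constructed, and treating VCF 5.x at or above 5.2.1.2 as remediated is an assumption.

```python
import re

def parse_version(text):
    """Turn '12.1.2' or '5.2.1.2' into a tuple of ints for ordered comparison."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def triage(product, version):
    """Map one inventory entry to the action stated in the advisories above."""
    v = parse_version(version)
    if product == "versa-concerto":  # hypothetical inventory key
        # Stated affected range: 12.1.2 through 12.2.0.
        if (12, 1, 2) <= v <= (12, 2, 0):
            return "patch-now"
        # "Additional versions may be vulnerable": outside the range is not
        # proof of safety, so it is flagged for confirmation instead.
        return "verify-with-vendor"
    if product == "vmware-vcf":  # hypothetical inventory key
        if v[0] == 5:
            # Assumption: 5.x at or above 5.2.1.2 counts as remediated.
            return "upgrade-to-5.2.1.2" if v < (5, 2, 1, 2) else "remediated"
        if v[:2] == (4, 5):
            return "follow-KB398008"
        return "verify-with-vendor"
    return "not-covered"

# Constructed sample inventory: (host, product key, installed version).
INVENTORY = [
    ("sdwan-orch-01", "versa-concerto", "12.1.3"),
    ("sdwan-orch-02", "versa-concerto", "12.2.1"),
    ("vcf-mgmt-a", "vmware-vcf", "5.1.0"),
    ("vcf-mgmt-b", "vmware-vcf", "5.2.1.2"),
    ("vcf-legacy", "vmware-vcf", "4.5.2"),
]

def report(inventory):
    """Return {host: action} for every entry in the inventory."""
    return {host: triage(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, action in report(INVENTORY).items():
        print(f"{host:15} {action}")
```
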


Blackpoint created a list with further guidance that could strengthen our infrastructure resiliency:

Isolate Management Interfaces
Place ESXi and vCenter servers on a dedicated management VLAN. Avoid exposing them to the internet unless absolutely necessary.

Restrict Access to Management Services
Limit access to management interfaces to trusted IP addresses or subnets. Where feasible, block outbound internet access from hosts.

Harden Authentication and Access Controls
Use strong, unique credentials for all accounts. Disable SSH unless it is actively required.

Minimize Attack Surface
Disable any unused services and protocols—such as CIM, SNMP, SSH, or Web UI—to reduce potential entry points.

Secure and Test Backups
Store backups offline or in immutable object storage. Regularly test backup restoration processes to ensure reliability during an incident.


Official advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733

Further information on the CVE Trio: https://cybersecuritynews.com/vmware-cloud-foundation-vulnerability/y/



Cyber (In)Securities – Issue 150 – Snapshot Edition
