On June 23, The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) released a joint Cybersecurity Advisory (CSA) warning network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers.

Organizations increasingly rely on third parties for business operations, and as a result are working with more digital suppliers than ever. According to Gartner, 60% of organizations work with more than 1,000 third parties and this number will grow. High-profile vulnerabilities such as Log4Shell are a constant reminder of the risks posed by a breakdown in the software supply chain. This has spurred enterprises to increase the rigor of software risk assessments to ensure supply chain security.

There are many critical factors to ensuring an effective cybersecurity program; however, two of the most important are accuracy and timeliness. With limited search capabilities that direct you to insufficient results or extended navigation time to find items of relevance, the cyber risk of your rapidly growing vendor ecosystem is left unmanaged. Think about it like this: when you have two contacts in your phone saved under the same first name, how do you determine which one is the right one to call?

A cyber incident can range from a minor power outage to a full-scale cyber attack. No matter the incident scale, having clear guidelines to follow can help organizations create effective and standardized response plans. The SysAdmin, Audit, Network, and Security (SANS) Institute is one of the leading organizations providing cybersecurity training, research, and certification.

The telecom industry is continuously evolving as laws governing the industry change, providers join new markets, and the expansion of cellular connections continues to grow. And since the global pandemic of COVID-19, millions of people around the world have relied on the availability of network services to work in addition to keeping in contact with their loved ones.

Here at SecurityScorecard, our mission is simple: To make the world a safer place. This mission necessitates that we embrace trust, transparency, and security. In furtherance of this mission, today we released our first-ever Chrome Extension. With the new SecurityScorecard Chrome Extension, you can automatically see the simple A-F security rating of the websites you visit, enabling you to evaluate the risk of the sites you visit before supplying your data to them.

Third parties are an inevitable and essential part of your business ecosystem. They’re your vendors, partners, and contractors. They improve efficiency, extend your reach, and make it possible to deliver the best possible products and services. From a security perspective, however, they also bring a significant amount of risk. Misconfigurations of a third-party’s cloud can lead to supply chain data breach risks.

Penetration testing and vulnerability scanning are both important practices that protect the network of a business. However, the two are very different from each other in the way they test the security and vulnerabilities of a network. Keep reading to learn more about the differences and how to decide whether one or both would best suit your needs.

Every day, cybercriminals are seeking new techniques to extract data and infiltrate networks; one of these techniques is data exfiltration. To prevent these kinds of cyber threats, we must learn how data exfiltration works, the methods used to execute attacks, and how companies can secure their network from further data breaches. Let’s take a closer look.

Mobile forensics is recovering digital evidence from mobile devices using accepted methods. A lot of information can be discovered by analyzing a criminal’s phone. That’s why mobile forensics and digital forensics as a whole are becoming valuable assets for law enforcement and intelligence agencies worldwide. In 2021, there were 15 billion operating mobile devices worldwide. That’s nearly two per person. The amount of data stored across these devices is astounding.

While the Internet of Things (IoT) can provide helpful insights, it can also introduce a host of new security vulnerabilities into your organization. Without a clear understanding of the importance of IoT security, your organization will continue to introduce new vulnerabilities without even realizing it. Let’s take a closer look at how IoT security is important and the best practices your organization can use to improve the overall security of your organization.

With flexible work environments now the norm, the use of endpoint devices has increased – whether your organization allows work-from-home days, hires freelancers, and collaborates through email and phone calls. Many employees require access to the corporate network to carry out their daily responsibilities, and endpoint devices allow employees to do just that. That said, endpoints have become one of the biggest attack vectors for cybercriminals since they are easier to target.