Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2024

nucleus

Nucleus Security Launches Nucleus Vulnerability Intelligence Platform to Accelerate Threat Assessment and Risk Mitigation

Jul 31, 2024 By Nucleus In Nucleus
Nucleus Security announces the launch of its Nucleus Vulnerability Intelligence Platform. Nucleus Vulnerability Intelligence Platform enables enterprises to aggregate, analyze, and act on insights from government, open-source, and premium threat intelligence feeds while reducing manual effort, accelerating threat assessment, and promoting proactive remediation.
Read Post
bitsight

Tackling Technical Debt in Cybersecurity: A Veteran's Guide

Jul 31, 2024 By Tim Grieveson In BitSight
Let’s talk technical debt. It’s that silent, creeping problem many of us have faced—those quick fixes and shortcuts we took to keep things running smoothly. They accumulate over time, leaving us with a tangled web of outdated systems and patchwork solutions. In cybersecurity, this isn’t just a minor annoyance—it’s a ticking time bomb. So, what’s technical debt consolidation?
Read Post
nucleus

Operationalize EPSS Scoring to Build Mature and Proactive Vulnerability Management

Jul 30, 2024 By Corey Tomlinson In Nucleus
Cybersecurity teams across all disciplines, including vulnerability management, are challenged to move faster than ever before. Whether it’s responding to a security incident, finding a new vulnerability, or stopping an attack, speed is at a premium.
Read Post
tanium

How To Identify, Contain, and Remediate Zero-Day Risks and Get back to Your Day Job in 30 Minutes

Jul 30, 2024 By Tanium In Tanium
WannaCry, Log4j, Follina, Spring4Shell — these incidents send shivers down the spines of anybody who works in IT or security. Zero-day vulnerabilities are unknown or unaddressed exploitable software or hardware security flaws that are typically unknown to the vendor and for which no patch or other fix is yet available.
Read Post
kovrr

Updates to the CRQ Platform: ISO 27001 Mapping and Model Calibration

Jul 30, 2024 By Kovrr In Kovrr
‍ ‍ ‍One of the most simultaneously exciting and challenging aspects of working in the cybersecurity industry is that the risk landscape and management practices never stop evolving. Additional data is continuously being gathered, and new frameworks are constantly developed to help organizations better assess, measure, and secure themselves against threat actors poised to exploit system weaknesses.
Read Post
bitsight

Don't RegreSSH: An Anti-Pavlovian Approach to Celebrity Vulns

Jul 30, 2024 By Ben Edwards In BitSight
Before Crowdstrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability (CVE-2024-6387). Dubbed by its celebrity name regreSSHion, it is a Remote Code Execution vulnerability in some versions of OpenSSH discovered by the Qualys Threat Research Unit on July 1, 2024. Specifically, versions of OpenSSH compiled against the glibc library, which is to say “probably most of them”, were impacted.
Read Post
kovrr

Obtaining Fit-For-Purpose Cyber Insurance Amid a Volatile Market

Jul 25, 2024 By Kovrr In Kovrr
‍After cyber insurance rates skyrocketed from late 2020 to 2022, when the majority of the market had little choice but to switch to a completely remote way of working, prices have slowly started to drop. This new downward trend is promising, as organizations are increasingly searching for the most cost-effective ways to manage their cyber risks and offset potential losses.
Read Post
bitsight

Streamlining Your Response to Security Assessments With Bitsight Trust Management Hub

Jul 25, 2024 By Viet Tran In BitSight
Most organizations now recognize that even if they have a strong internal security posture, a security lapse by any one of their many third-party vendors or partners can be just as catastrophic to their business as a direct breach. Industry and government regulators are increasingly focused on this topic as well, resulting in a wave of new compliance requirements that extend to third-party risks.
Read Post
nucleus

Nucleus & Cycode Integration Delivers Unified Vulnerability Management and Application Security

Jul 25, 2024 By Adam Dudley In Nucleus
As modern enterprise IT environments become more complex, the need for robust cybersecurity measures continues to grow. Because of this expanding complexity, DevSecOps functions are more common, requiring the integration of security into the application development lifecycle. Application Security Posture Management (ASPM) solutions offer a unified framework for securing the diverse application environment and merging security into the application development process.
Read Post

About CultureAI | Human Risk Management Platform

Jul 25, 2024 By CultureAI In CultureAI
Monitor, reduce, and fix your human cyber risks. The CultureAI Human Risk Management Platform enables security teams to proactively monitor human risk across multiple applications, providing immediate visibility into the riskiest employee behaviours and security vulnerabilities within an organisation.
View Video
securitysenses

5 Must-Have Features for Advanced Inventory Management Software in 2024

Jul 25, 2024 By SecuritySenses In SecuritySenses
Advanced inventory management software gives you the power to track items, forecast demand, and analyze data for smart decisions. Features like dynamic replenishment planning and AI-powered decisions help keep your stock levels just right while cutting down on costs. Plus, quality software fits well with ecommerce platforms and other tools you use. With technology moving, new tools like AI and machine learning will make managing inventory faster and more precise. Choosing the best software depends on what your business needs and how much money you can spend.
Read Post
upguard

CrowdStrike Outage: What Happened and How to Limit Future Risk

Jul 24, 2024 By Nicholas Sollitto In UpGuard
In the early morning of July 19, a software update to CrowdStrike’s Falcon sensor started to cause one of the most extensive IT outages in history, affecting several industry sectors, including financial services, healthcare, transportation, and others. According to CrowdStrike, the outage stemmed from “a defect found in a Falcon content update for Windows hosts.” At this point, the software update has not affected Mac and Linux systems.
Read Post
bitsight

Bitsight Groma: Next-generation Internet Scanning

Jul 24, 2024 By Arzu Ozbek Akay In BitSight
Earlier this year, we announced Bitsight’s next-generation internet scanning, Bitsight Groma, and AI-powered discovery and attribution technology, Bitsight Graph of Internet Assets (Bitsight GIA). While these technologies work as partners in the Bitsight Cyber Risk Data Engine to create a dynamic map of internet infrastructure, it is helpful to separate them out to understand their unique contributions.
Read Post
synopsys

Once and future code snippets: How AI reignites risk

Jul 24, 2024 By Phil Odence In Synopsys
Code snippets copied from copyleft-licensed open source projects represented the biggest risk in software 15 years ago. The Heartbleed vulnerability, discovered in April 2014, brought to the fore concerns about the security of open source components, and license risk took a bit of a back seat. But the problem never went away. Now, the advent of Generative AI as a tool for writing software is shining a new light on the issue.
Read Post
riscosity

Data Catalogs: What They Are & Why They're Important

Jul 24, 2024 By Anirban Banerjee In Riscosity
A data catalog is a critical data repository that enables visibility into what data you have, where it’s going, and who owns it – all critical inputs for maintaining data security. A company's data needs to be both organized and centralized, while also easily being discoverable. In this article, we’ll explore what data catalogs are and how they can create business value in your organization.
Read Post
bitsight

Vendor Risk Management Principles: A Strategic Guide For Security Managers

Jul 24, 2024 By Melissa Stevens In BitSight
In today’s interconnected business environment, organizations rely heavily on third parties, and while third party relations are critical for success in most businesses, they also leave data more vulnerable to exposure from bad actors. This makes vendor risk management (VRM) a critical component of any company's overall risk management strategies. Effective VRM practices help protect sensitive data and maintain robust security postures, minimizing the potential risks introduced by vendors.
Read Post
trilio

GRC in Cybersecurity: What It Is and Why It's Important

Jul 22, 2024 By David Safaii In Trilio
With businesses increasingly relying on digital systems, the combination of governance, risk management, and compliance (GRC) has become essential for an effective cybersecurity strategy. This framework helps organizations manage cyber risks, comply with regulations, and protect sensitive data.
Read Post
SecurityScorecard

Crowdstrike Outage: Know Your Supply Chain

Jul 19, 2024 By SecurityScorecard In SecurityScorecard
Knowing Your Supply Chain (KYSC) is becoming an increasingly important component of cyber resilience. Understanding the dependencies within your organization and those of your vendors is critical for responding to incidents effectively. Even the most reliable vendors and partners can experience issues. Today, a widespread outage impacted CrowdStrike Falcon, affecting the global supply chain.
Read Post
obrela

The Cost of Complacency: Analyzing the Financial Impact of Cybersecurity Breaches

Jul 19, 2024 By Obrela In Obrela
In today’s digital landscape, the importance of robust cybersecurity measures cannot be overstated. Yet, despite the clear and present danger posed by cyber threats, many organizations still underinvest in cybersecurity, operating under a false sense of security. This complacency can be incredibly costly, as the financial ramifications of cybersecurity breaches are staggering.
Read Post
bitsight

CrowdStrike Outage: Short-Term Actions and Strategic Priorities for the Future

Jul 19, 2024 By Derek Vadala In BitSight
As most in the industry are aware, a defective content update to CrowdStrike’s Falcon Sensor for Windows led to a global cascade of system outages affecting critical industry sectors such as transportation, banking, healthcare, and public safety. Many enterprises and government agencies around the world are still actively managing their response to this incident.
Read Post
upguard

Preparing for Cybersecurity Audits: Insights from US Regulations

Jul 19, 2024 By Leah Sadoian In UpGuard
Cybersecurity regulations often include audits that assess and strengthen an organization’s defenses against increasing cyber threats. In the United States, various cybersecurity regulations, including HIPAA, SOX, PCI DSS, and more, require audits. Each audit ensures your organization meets the required standards outlined in the regulation while also strengthening its overall cybersecurity framework.
Read Post
upguard

Navigating Cybersecurity Requirements Under the Dodd-Frank Act

Jul 19, 2024 By Nicholas Sollitto In UpGuard
Over the last decade, cybersecurity has emerged as a critical concern for financial institutions. With cyberattacks increasing in frequency and sophistication, it has become imperative for institutions in the financial sector to safeguard sensitive data and implement robust data protection measures. The Dodd-Frank Wall Street Reform and Consumer Protection Act, commonly known as the Dodd-Frank Act, plays a crucial role in regulating the American financial services industry.
Read Post
cultureai

CultureAI raises $10 million in Series A funding to evolve the way organisations manage human risk

Jul 17, 2024 By CultureAI In CultureAI
CultureAI has raised $10 million in capital. Mercia Ventures and Smedvig Ventures led the funding round. This funding will power CultureAI's product development and market expansion plans.
Read Post
bitsight

What ended up on the cutting room floor after we sliced and diced the KEV

Jul 16, 2024 By Ben Edwards In BitSight
In the course of a major research rollout like my recent whitepaper on KEV vulnerabilities, I frequently end up doing some bit of analysis that doesn’t make it into the final doc. Usually, it is because I am dealing with limited space and attention spans, and I gotta stop sometime. The stuff that gets cut is usually not terribly compelling or surprising or is maybe more an artifact of the particular bias in our sample or is only interesting to a very small audience.
Read Post
kovrr

Top 4 Strategies to Demonstrate Cybersecurity's Value in the Boardroom

Jul 16, 2024 By Kovrr In Kovrr
Cybersecurity expertise is notoriously absent from the boardroom. Only last year, a market analysis found that a mere 12% of US Fortune 500 companies have a board member with adequate knowledge of cyber risk management. However, increased cybersecurity regulations, coupled with heightened cyber event costs, have begun to highlight the need to rectify this void as soon as possible.
Read Post
vanta

Everything you should know about continuous controls monitoring (CCM)

Jul 15, 2024 By Vanta In Vanta
Continuous controls monitoring (CCM) is a crucial aspect of making GRC processes more automated, accurate, and actionable through technology. It helps organizations transition from inefficient point-in-time checks to automation-driven compliance controls that provide a real-time view into their security posture. That’s why many proactive risk management teams are already prioritizing control automation for their GRC program.
Read Post
tripwire

Addressing Client-Side Risks in PCI DSS 4.0

Jul 15, 2024 By Josh Davies In Tripwire
It seems like such a short time ago that the Security Standards Council released the newest version of the Payment Card Industry Data Security Standard (PCI DSS). It has been a full year, and version 4.0 is now in effect. Industries that adhere to the Standard were given the year to implement the new changes.
Read Post
nucleus

Build Better Vulnerability Management with Threat and Vulnerability Intelligence

Jul 15, 2024 By Corey Tomlinson In Nucleus
The goal of every vulnerability management program is to reduce the risk posed by vulnerabilities that exist in the organization’s environments. You can achieve this goal in two ways. The first is to move faster, remediating vulnerabilities faster than they can arise. The problem with this approach is that it doesn’t work. It is inefficient, expensive, and impractical. There are simply too many vulnerabilities.
Read Post
SecurityScorecard

How to Choose the Right Managed Detection and Response Solution to Secure Your Supply Chain

Jul 15, 2024 By SecurityScorecard In SecurityScorecard
AI isn’t what’s going to be the hot topic of the next year; it’s going to be data breaches in the supply chain and the cost that companies face by not reacting quickly to this emerging threat. The cyber attack on Change Healthcare, one of the world’s largest health payment processing companies, illustrates this point. Change Healthcare was a clearing house for 15 billion medical claims annually—accounting for nearly 40% of all claims.
Read Post
SecurityScorecard

How to Choose the Right Supply Chain Cyber Risk Managed Service

Jul 15, 2024 By SecurityScorecard In SecurityScorecard
AI isn’t what’s going to be the hot topic of the next year; it’s going to be data breaches in the supply chain and the cost that companies face by not reacting quickly to this emerging threat. The cyber attack on Change Healthcare, one of the world’s largest health payment processing companies, illustrates this point. Change Healthcare was a clearing house for 15 billion medical claims annually—accounting for nearly 40% of all claims.
Read Post
memcyco

What are Risk Engines, and How to Make Sure They Work Well

Jul 12, 2024 By Gideon Hazam In Memcyco
Risk management has always been a central part of business, especially for financial institutions. From bank loan underwriting to insurance premium calculations and payment risk assessment, comprehensive risk management methodologies are vital to any business that deals with high-trust user actions. In particular, risk management is crucial to combating fraud – a huge global problem, the broad economic impact of which is clear.
Read Post
vanta

How to scale your GRC program with automation

Jul 12, 2024 By Vanta In Vanta
According to Vanta’s 2023 State of Trust Report, respondents spend an average of nine working weeks per year on security compliance. ‍ Some security teams have accepted that governance, risk, and compliance (GRC) will inevitably take tons of time and effort. And many continue to work towards small-scale efficiencies because they don’t believe anything better is possible. ‍ But there’s a better option for today’s businesses: GRC automation.
Read Post
upguard

India's Blueprint for Cyber Safety: The National Security Policy 2013

Jul 12, 2024 By Leah Sadoian In UpGuard
India's National Cyber Security Policy 2013 is a comprehensive framework designed to fortify the nation's cyber infrastructure and safeguard its digital frontiers. The policy aims to address the complexities of cyber threats and enhance cyberspace's security and resilience through various key components and targeted strategies.
Read Post
upguard

Improving India's Cyber Defenses: Maharashtra's Cyber Security Project

Jul 12, 2024 By Leah Sadoian In UpGuard
In an era when digital transformation is reshaping economies and societies, the threat of cybercrime has become a significant concern. India, with its growing digital ecosystem, is particularly vulnerable to a wide range of cyber threats. In response to these challenges, the state of Maharashtra launched an ambitious initiative - the Maharashtra Cyber Security Project.
Read Post
bitsight

Maximising Security Investments: A CISO's Guide to Budget Optimisation & Technology Consolidation

Jul 10, 2024 By Rachel Holmes In BitSight
Economic pressures have been leading to greater budget scrutiny and justification of resources for cybersecurity teams. Boards are asking harder questions around cyber risk and exposure. Not only are CISOs working hard to justify and measure their program, they’ve had to become more data-driven in the way they align investments towards company outcomes and business objectives.
Read Post
bitsight

The Impact of the Kaspersky Ban

Jul 9, 2024 By Pedro Umbelino and Jake Olcott In BitSight
On June 20th, 2024, the Department of Commerce's Bureau of Industry and Security (BIS) announced the prohibition of Kaspersky Lab, Inc., the U.S. subsidiary of a Russia-based anti-virus software and cybersecurity company, from directly or indirectly providing anti-virus software and cybersecurity products or services in the U.S. or to U.S. persons. The prohibition also applies to Kaspersky Lab, Inc.’s affiliates, subsidiaries, and parent companies.
Read Post
vanta

3 trends shaping the future of GRC and how to adapt today

Jul 9, 2024 By Vanta In Vanta
For many teams, managing governance, risk, and compliance (GRC) is still a very manual process. As a security leader, you might be wondering how to future-proof and scale your GRC program when so much of your team’s time is spent on collecting screenshots or copying and pasting information from one spreadsheet to another. ‍ The future of GRC management doesn’t have to be more of the same though.
Read Post
obrela

What is NGFW? Next generation firewall VS traditional firewall

Jul 9, 2024 By Obrela In Obrela
Protecting an organization’s network perimeter has become increasingly complex. Traditional firewalls, once the cornerstone of network security, are now being supplemented and often replaced by more advanced solutions known as Next-Generation Firewalls (NGFWs). At Obrela, we believe in leveraging cutting-edge technologies to safeguard digital assets, and understanding the differences between traditional firewalls vs NGFWs is crucial for any robust security strategy.
Read Post
upguard

Guide to SWIFT CSCF (Customer Security Controls Framework)

Jul 8, 2024 By Kyle Chin In UpGuard
The SWIFT Customer Security Controls Framework (CSCF) is a key global cybersecurity framework that provides recommended and mandatory security controls for banking institutions that use the SWIFT banking system. The framework is designed to help financial institutions improve their cyber resilience and ensure that participants within the SWIFT network adhere to a stringent set of security compliance standards. Find out how UpGuard helps the financial services industry meet compliance standards >
Read Post
upguard

How to Create a Vendor Risk Management Process

Jul 5, 2024 By Nicholas Sollitto In UpGuard
Modern business operations have become synonymous with outsourcing to vendors, as essentially every business relies on at least a few third-party partnerships to improve efficiency and enhance capabilities. However, these partnerships also present various cybersecurity risks that can negatively impact an organization’s performance, reputation, and compliance with industry regulations and standards. To mitigate these risks, organizations must develop a robust Vendor Risk Management (VRM) process.
Read Post
upguard

GDPR: Penalties for Noncompliance and How to Avoid Them

Jul 5, 2024 By Leah Sadoian In UpGuard
The General Data Protection Regulation (GDPR) is one of the world's most stringent data protection laws, designed to safeguard individuals' personal data in Europe. Since its implementation in May 2018, GDPR has significantly impacted how organizations collect, store, and process personal data. Noncompliance with GDPR can lead to severe penalties, including hefty fines and reputational damage, making it imperative for organizations to understand and adhere to its requirements.
Read Post
upguard

How to Prepare for Cyber Essentials Assessment

Jul 5, 2024 By Leah Sadoian In UpGuard
In today's world, where cyber threats are increasingly sophisticated, organizations must take strong security measures to protect sensitive data and maintain operational integrity. One effective way to show your dedication to cybersecurity is by obtaining Cyber Essentials certification. This government-backed scheme in the UK helps organizations implement essential security controls to defend against common online threats.
Read Post

Managing Third-Party Cyber Risk in Financial Services

Jul 4, 2024 By UpGuard In UpGuard
In today's interconnected financial landscape, businesses face increasing risks from third-party vendors, making effective cyber risk management essential. Significant data breach costs and stringent regulatory requirements place further burden on this sector. In response, UpGuard offers a Vendor Risk Management solution to help institutions manage these risks and maintain compliance. Learn more at upguard.com/fsi.
View Video
bitsight

NIS2 Compliance: How to Identify and Evaluate Critical Suppliers

Jul 3, 2024 By Francisco Fonseca In BitSight
As the NIS2 Directive reshapes the cybersecurity landscape across Europe, a key focus for organisations is understanding and managing their critical suppliers. The directive mandates heightened scrutiny and tighter controls around these essential entities, underscoring their importance in your overall cybersecurity strategy. But the pivotal question remains: How do you determine who qualifies as a 'critical supplier'?
Read Post
jumpcloud

Your Cybersecurity Risk Is Higher on July 4

Jul 3, 2024 By Kate Lake In JumpCloud
While the Fourth of July is typically considered a day of celebration for those in the U.S., many don’t realize it’s also a period of heightened risk. In fact, this isn’t unique to the Fourth of July: holidays often see an uptick in cybersecurity threats. With the Fourth of July nearly upon us, let’s examine why this happens and how you can protect yourself and your business.
Read Post
kovrr

Likely Disclosure Inconsistencies With Massive Snowflake Data Breach

Jul 2, 2024 By Kovrr In Kovrr
‍After unearthing evidence as early as May 2024, cloud computing–company Snowflake released an official statement on June 2, reporting that they were investigating a series of targeted cyber events. A week later, Google's Mandiant, who, alongside Crowdstrike, is aiding Snowflake in this investigation, concluded that clients had been attacked after malicious actors had gotten access to compromised credentials.
Read Post
sysdig

Want Your Third Parties To Take Security Seriously?

Jul 2, 2024 By Crystal Morin In Sysdig
In the last decade, outsourcing to third parties–especially in the gig economy–has taken over key functions that enterprises used to handle internally. Today’s companies are frequently virtual–using third-party services that span the likes of application development, back-office corporate functions, contract manufacturing and research, marketing, and core IT services.
Read Post
upguard

G2 Names UpGuard #1 TPRM Software - Summer 2024

Jul 2, 2024 By Kaushik Sen In UpGuard
We are delighted to announce that UpGuard has once again been recognized as the Leader in Third-Party and Supplier Risk Management Software by G2. The publication of G2's Summer 2024 report marks eight consecutive quarters were UpGuard was named a Category Leader. Established in 2012, G2 is a trusted resource for software reviews and customer feedback. It guides over 90 million users, including employees from all Fortune 500 companies, in making informed software choices.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.