Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2024

Nucleus Security's Year-End Panel on Risk-Based Vulnerability Management

Dec 20, 2024 By Nucleus In Nucleus
In this Nucleus webinar, our panel of cybersecurity experts delves into the complexities and best practices for Risk-Based Vulnerability Management (RBVM) in modern organizations. Led by co-founder Scott Kuffer, the discussion covers the evolution of RBVM, the importance of a unified data approach, the role of automated tools, and effective metrics for vulnerability management. Insights from Cecil Pineda, Gregg Martin, and Steve Carter provide a comprehensive look at strategies for mitigating risks and improving security posture through enhanced vulnerability management processes into 2025.
View Video
riscosity

DPDP, India's Privacy Law

Dec 19, 2024 By Anirban Banerjee In Riscosity
India's Digital Personal Data Protection (DPDP) law, enacted in 2023, represents a pivotal step in safeguarding personal data privacy while fostering accountability among entities handling such data. As businesses grapple with its requirements, understanding its core mandates, applicability, timeline, and implications is critical for compliance and operational efficiency.
Read Post
SecurityScorecard

Day in the Life of a CISO: A Vendor Breach: Assessing Our Exposure

Dec 19, 2024 By SecurityScorecard In SecurityScorecard
It’s 10:47 PM, and I’m halfway through binge-watching the latest must-see series when my phone buzzes. A notification from SecurityScorecard has my attention instantly: one of our critical vendors has just reported a breach. I hit pause, grab my laptop, and dive straight in. As much as I’d love to ignore it for a few hours, cyber risks don’t come with snooze buttons. Before panic sets in, I’m logging into the SecurityScorecard platform.
Read Post
cyberark

Discover Every Identity to Manage Cybersecurity Risk Effectively

Dec 18, 2024 By Lilach Faerman Koren In CyberArk
Next time you’re outside on a clear night, look up at the stars and start counting. Chances are you’ll lose track, skip over some or completely forget where you started—there are just so many. Now imagine that vast sky is your enterprise, and each sparkling dot represents an identity (or account). Can you find them all—let alone secure them? If you’re like most organizations out there, the answer is no.
Read Post
obrela

Get a unified approach towards Compliance with NIS2 and DORA

Dec 18, 2024 By Notis Iliopoulos In Obrela
In the cyber security domain, the increase of cyber-attacks alongside the acceleration of businesses’ digital transformation, drive states to deploy a more ringent regulatory framework to protect data and establish a code of conduct for businesses. In this perspective, it is essential to view compliance as an integral component of the wider governance framework, which is grounded in international standards of an interconnected world that makes best use of already tested best practices.
Read Post
bitsight

The Aftermath of the Kaspersky Ban

Dec 18, 2024 By Pedro Umbelino In BitSight
In the spring of 2024, amid growing international concern about supply chain risk and the trust and reliability of technology suppliers, the United States banned Kaspersky Lab, Inc., the Russia-based antivirus company from providing its products to the US market. The ban went into effect on September 30, 2024. What impact has the ban had on US and global usage of Kaspersky? Has it been effective? A new analysis from Bitsight contains some surprising results.
Read Post
bitsight

Enhancing Corporate Governance in the Digital Age: Integrating Cybersecurity into ESG Stewardship

Dec 18, 2024 By Nicole Matusek In BitSight
In an era where digital resilience is vital to corporate health, cybersecurity is a critical governance issue. The partnership between Bitsight and Glass Lewis underscores this reality by providing companies with a forward-thinking approach to assessing cybersecurity as part of Environmental, Social, and Governance (ESG) considerations.
Read Post
riscosity

LLMs - The what, why and how

Dec 18, 2024 By Anirban Banerjee In Riscosity
LLMs are based on neural network architectures, with transformers being the dominant framework. Introduced in 2017, transformers use mechanisms called attention mechanisms to understand the relationships between words or tokens in text, making them highly effective at understanding and generating coherent language. Practical Example: GPT (Generative Pre-trained Transformer) models like GPT-4 are structured with billions of parameters that determine how the model processes and generates language.
Read Post
bitsight

BADBOX Botnet Is Back

Dec 17, 2024 By Pedro Falé In BitSight
Imagine this: you're at home, eagerly waiting for the new device you ordered from Amazon. The package arrives, you power it on, and start enjoying all the benefits of 21st century technology—unaware that, as soon as you powered it on, a scheme was unfolding within this device. Welcome to the world of BADBOX. BADBOX is a large-scale cybercriminal operation selling off-brand Android TV boxes, smartphones, and other Android electronics with preinstalled malware. What does this mean?
Read Post
SecurityScorecard

Securing Your Healthcare Supply Chain: A Guide to Supply Chain Detection and Response

Dec 17, 2024 By SecurityScorecard In SecurityScorecard
The Evolving Threat Landscape In today’s interconnected healthcare landscape, supply chain security has emerged as a critical concern. Cyber threats are becoming increasingly sophisticated, targeting vulnerable points in the supply chain to infiltrate networks and steal sensitive patient data. As a result, healthcare organizations must prioritize the security of their vendors and partners to protect their own operations and patient information. What is Supply Chain Detection and Response?
Read Post
riscosity

Riscosity and Microsoft Azure: A Powerful Partnership for Data Security

Dec 16, 2024 By Jackson Harrower In Riscosity
This collaboration is a significant step forward in making robust data security accessible to all organizations. By leveraging the Azure Marketplace, we're empowering Azure customers to easily discover, deploy, and integrate Riscosity into their existing infrastructure. This seamless integration allows for a streamlined experience and faster time to value.
Read Post
securitysenses

Emerging Threats in Cybersecurity: Safeguarding Software from Evolving Risks

Dec 16, 2024 By SecuritySenses In SecuritySenses
In the digital-first landscape of today, cybersecurity threats are getting increasingly advanced and widespread, posing serious risks that could have adverse impacts on organizations the world over. Businesses are conducted through complex software systems and are increasingly susceptible to such attacks. Attackers continue refining their phishing scams and advanced persistent threats to exploit new vulnerabilities. Of the many, one such covert threat comprises malicious code, which recently has emerged as a permanent feature that requires proactive ways of lessening its impact.
Read Post
SecurityScorecard

A Day in the Life of a CISO: An Employee Email Discovered in a Password Dump

Dec 13, 2024 By SecurityScorecard In SecurityScorecard
The notification lands in my SecurityScorecard dashboard just as I’m wrapping up a meeting. An employee’s email address has shown up in a password dump on a dark web monitoring feed. Another day, another reminder of why cybersecurity is a full-contact sport.
Read Post
SecurityScorecard

Difference Between Supply Chain Detection & Response (SCDR) vs. Managed Detection and Response Services (MDR)

Dec 13, 2024 By SecurityScorecard In SecurityScorecard
In today’s cybersecurity landscape, organizations face an ever-growing variety of threats, many of which originate from their supply chains. Traditional cybersecurity measures like Managed Detection and Response (MDR) have been widely adopted, but newer, more advanced approaches like Supply Chain Detection and Response (SCDR) are redefining how businesses tackle external risks.
Read Post
SecurityScorecard

Day in the Life of a CISO: Evaluating a Plugin Vendor

Dec 13, 2024 By SecurityScorecard In SecurityScorecard
It’s mid-morning, and I’m making good progress when an email from a department head pops into my inbox. They’re thrilled about a new plugin that promises to streamline workflows for one of our most critical platforms. Naturally, they need me to sign off on the vendor’s security posture before they can move forward. I get it—business efficiency is important, but so is ensuring we don’t invite unnecessary risk into our environment.
Read Post
bitsight

Web Application Security for DevOps: Anti-CSRF and Cookie SameSite Options

Dec 12, 2024 By Chris Poulin In BitSight
This is a continuation of our series on web application security. If you haven't already read through parts 1 and 2, this is a good time to go back. If not, let's move on and answer the question left hanging during our last installment: what are request methods, including the POST request method, and how does logging out of a website work when it comes to cookies and session IDs? Let's also tackle the more important issue of how to combat cross-site request forgery (CSRF) attacks.
Read Post
SecurityScorecard

How SecurityScorecard's Supply Chain Detection and Response Protects Financial Institutions

Dec 12, 2024 By SecurityScorecard In SecurityScorecard
As financial institutions continue to expand their digital ecosystems, the growing reliance on third-party vendors and service providers introduces significant cyber risks. With a majority of data breaches linked to vulnerabilities in the supply chain, managing these risks has become a necessity.
Read Post
vanta

Why security questionnaires are a familiar-but ineffective-norm for assessing risk

Dec 12, 2024 By Vanta In Vanta
‍Security questionnaires are a standard part of almost every due diligence process before companies sign on to work with a new third party. ‍ By asking detailed questions via questionnaires, organizations learn about a seller’s security controls and compliance with relevant standards. With that information, they determine how and if a partnership with that third party will expand their attack surface and increase risk—and ultimately decide if the increased risk is acceptable.
Read Post
upguard

What is Cyber Threat Detection and Response?

Dec 12, 2024 By Edward Kost In UpGuard
To compete in an era of dynamic, multimodal cyberattacks, cybersecurity programs must become multidimensional, capable of simultaneously contending with a wide range of cyber threats. In this post, we explain how your organization can develop such a multipronged approach with a branch of cybersecurity known as cybersecurity threat detection.
Read Post
resecurity

Resecurity introduces Government Security Operations Center (GSOC) at NATO Edge 2024

Dec 11, 2024 By Resecurity
Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center (GSOC) during NATO Edge 2024, the NATO Communications and Information Agency's flagship conference. The solution is also specifically tailored for MSSPs that protect aerospace and defense organizations.
Read Post
bitsight

A New Chapter for Bitsight: Welcoming Cybersixgill & Cyber Threat Intelligence

Dec 11, 2024 By Steve Harvey In BitSight
Today, I am thrilled to announce the official closing of Bitsight’s acquisition of Cybersixgill, a leading provider of cyber threat intelligence solutions. This is not only a pivotal step in our long-term vision—it’s a reinforcement of our promise to help each and every one of our customers to make smarter, faster risk decisions. Bitsight was founded on the belief that cyber risk is not binary.
Read Post
Snyk

Snyk's risk-based approach to prioritization

Dec 11, 2024 By Daniel Berman In Snyk
Vulnerability identification is a key part of application security (AppSec). This process entails tracking and reporting the number of vulnerabilities found and fixed to give stakeholders clear insight into the organization’s security posture. However, identifying and monitoring vulnerabilities using traditional methods can make risk evaluation more difficult.
Read Post
riscosity

Challenges with Data Security Posture Management (DSPM)

Dec 11, 2024 By Anirban Banerjee In Riscosity
While Data Security Posture Management (DSPM) is a powerful approach for discovering, monitoring, and managing sensitive data across complex systems, it is not without its challenges. These hurdles often stem from the complexity of modern data environments, evolving threats, and operational constraints. Below are the primary challenges associated with DSPM.
Read Post
obrela

What are the types of malware? Common types & examples

Dec 11, 2024 By Obrela In Obrela
Malware, short for malicious software, refers to any software specifically designed to harm, exploit, or otherwise compromise a device, network, or user data. In today’s digital age, malware attacks have become a persistent threat, targeting individuals, businesses, and even governments.
Read Post
bitsight

Turning Security Insights into Action with Bitsight's New Jira Integration

Dec 10, 2024 By Sofia Lourenço In BitSight
Enterprise security is a job that is never truly done. Success comes down to prioritizing high-impact activities, executing them efficiently, and adapting as new information emerges. Bitsight Security Performance Management (SPM) is the centerpiece of this lifecycle for many organizations. It helps security teams understand their external attack surface in detail and make data-driven decisions about how to apply their limited resources most effectively.
Read Post
bitsight

SOC 2 Compliance 101

Dec 6, 2024 By Sabrina Pagnotta In BitSight
SOC 2 compliance is no longer optional—it’s essential to a robust cybersecurity posture and cyber risk management strategy. It’s a key indicator of an organization’s commitment to securing data and maintaining operational resilience. In this blog, we’ll offer insights and recommendations to help your organization stay ahead as part of your overarching cybersecurity compliance strategy.
Read Post
bitsight

Accelerating Rating Updates Post-Remediation with Bitsight Groma

Dec 5, 2024 By Arzu Ozbek Akay In BitSight
Thousands of organizations globally rely on the Bitsight Security Rating to prioritize their internal security efforts and ensure that third-party vendors meet their security commitments. While this is a highly strategic activity, progress is often measured in incremental steps as individual security findings are remediated over time.
Read Post
veracode

5 Predictions About Managing Software Risks in 2025

Dec 4, 2024 By Brian Roche In Veracode
How does the exponential advancement of technology impact the security landscape? It makes managing the fundamental risk of the technology, the software, exponentially more complex. From AI accelerating risky code production to cloud infrastructure increasing the attack surface, the world of application risk management is enduring a rapid transformation that needs immediate attention.
Read Post
bluevoyant

Risky Business: Working with Third Parties Across the Globe

Dec 3, 2024 By BlueVoyant In BlueVoyant
To show regional differences, BlueVoyant’s latest research report includes C-level executive responses from organizations in the U.S. and Canada, U.K., Continental Europe, and APAC. Singapore had among the lowest reported negative impacts from third-party cyber breaches, while the U.K. had the most. Regional differences play a notable role in shaping how organizations approach and handle third-party cyber risk management (TPRM).
Read Post
bitsight

PROXY.AM Powered by Socks5Systemz Botnet

Dec 3, 2024 By Bitsight TRACE In BitSight
A year ago, Bitsight TRACE published a blog post on Socks55Systemz,a proxy malware with minimal mentions in the threat intelligence community at the time. In that post, we correlated a Telegram user to the botnet operation and estimated its size at around 10,000 compromised systems. After a year-long investigation, we are shedding new light on these conclusions.
Read Post

Barak Engel Lightning Interview

Dec 3, 2024 By Riscosity In Riscosity
Welcome to the third installment of Riscosity’s Lightning Interview Series In this episode, we sit down with Barak Engel, founder and CEO at EAmmune, and CISO at MuleSoft, Amplitude, StubHub, BetterUp, and Faire among others. Barak is also the author of Why CISOs Fail, The Security Hippie, and The Crack in the Crystal. Ever wonder how you pentest a novel? Tune in to find out.
View Video
keeper

Achieve Enhanced Risk Visibility With Keeper's Risk Management Dashboard

Dec 3, 2024 By Craig Lurey In Keeper
Keeper Security’s Risk Management Dashboard delivers a streamlined view within the Keeper Admin Console to quickly and easily give administrators visibility into their organization’s Keeper configuration practices and compliance posture. The Risk Management Dashboard leverages an outlined set of Keeper Security Benchmarks to keep organizations compliant and safe.
Read Post
SecurityScorecard

Grow Your MSP Practice with SecurityScorecard MAX

Dec 3, 2024 By SecurityScorecard In SecurityScorecard
Managing vendor security is a growing challenge for MSPs. Clients expect you to deliver enterprise-grade protection across their entire supply chain. However, many struggle with limited resources, manual processes, and the complexity of addressing third-party risks. SecurityScorecard MAX turns this challenge into an opportunity, helping you protect your clients while driving recurring revenue for your business.
Read Post
cultureai

Everything You Need to Know About Shadow IT

Dec 2, 2024 By The CultureAI Team In CultureAI
Shadow IT refers to the use of information technology systems, devices, software, applications, and services without explicit approval from an organisation's IT department. While it sounds sinister, and has certain implications, it is not always done maliciously or with the intent of breaching security. It encompasses a wide range of digital activities where employees leverage unapproved tools to be more productive or achieve specific goals.
Read Post
kovrr

CRQ Model Update Increases Statistical Significance With 25,000 Trials

Dec 2, 2024 By Kovrr In Kovrr
As a part of its ongoing commitment to providing chief information security officers (CISOs) with practicable insights that guide high-level cyber risk management decision-making, Kovrr's latest model update increases the number of yearly trials in its Monte Carlo simulation by 150%.
Read Post
vista infosec

How to Conduct a Risk Assessment for Your Disaster Recovery Playbook

Dec 2, 2024 By Narendra Sahoo In VISTA InfoSec
Risk management is at the heart of any effective disaster recovery (DR) plan or playbook. No business is immune to disruptions, whether from natural disasters, cyberattacks, or technical failures. The question isn’t if, but when these threats will materialize. A proactive approach to risk management allows businesses to identify, assess, and mitigate these threats before they can bring operations to a standstill.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.