Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ever wonder how Nucleus got started? Curious to know what our CEO and co-founder Steve Carter is working on? You’re in luck. Steve joined host Chris Hughes on the Cyber Resilience podcast to talk about those topics and more. Additionally, Steve and Chris explored the process for earning FedRAMP authorization, some of the particular vulnerability management challenges government agencies are dealing with, and why risk-based vulnerability management resonates with the government community.

Continuous Threat Exposure Management (CTEM) serves as a strategic framework for evaluating an organization’s security posture. CTEM is specifically designed to identify and address vulnerabilities and other security gaps within an organization’s digital infrastructure. In essence, CTEM is a systematic approach to fortify cyber defenses and mitigate potential security risks effectively. Gartner, which created CTEM, sees it as a sort of Vulnerability Management 2.0.

Machine learning (ML) and AI tools raise concerns over mis- and disinformation. These technologies can ‘hallucinate’ or create text and images that seem convincing but may be completely detached from reality. This may cause people to unknowingly share misinformation about events that never occurred, fundamentally altering the landscape of online trust. Worse – these systems can be weaponised by cyber criminals and other bad actors to share disinformation, using deepfakes to deceive.

Distributed networks, including software-defined wide area networks (SD-WAN), content delivery networks (CDNs), and secure access service edge (SASE) architectures have become integral to modern IT landscapes. They provide unparalleled performance, scalability, and flexibility, empowering businesses to operate seamlessly across geographical boundaries.

The COVID-19 pandemic triggered a seismic shift in how we work, propelling remote work from a niche option to the mainstream. Organizations scrambled to adapt, often prioritizing business continuity over security. However, as the dust settles, it's clear that this new normal of remote work isn't going anywhere. This presents a significant challenge: how do we secure a workforce that's no longer confined within the traditional office perimeter?

What happens when devices meant to make your life easier become tools for intrusion? Your smart TV could become a surveillance device, your fitness tracker could leak your health data, and your connected car could be remotely hijacked. In the world of IoT vulnerabilities, the technology designed to serve you could turn against you. The Internet of Things promises convenience and connectivity. The risks of cyberattacks targeting these devices are growing exponentially.

During some standard research as part of the Outpost24 Vulnerability Research Department, I discovered 5 vulnerabilities in Zyxel NAS devices: The vulnerabilities were disclosed to Zyxel on 2024-03-14 as part of our responsible disclosure policy, and have been resolved at the time of publishing this post (2024.06.04).

PowerShell is a powerful tool that is used for automating monotonous and time-consuming tasks. However, using these without code signing can leave you vulnerable to cyber-attacks. This blog will explain the PowerShell code signing best practices for signing your script. Let’s begin!