Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This month's product updates and enhancements rollup include Issue Auto-Remediation, eTMF – optional artifacts and automatic milestones, and importing credentials from the desktop app for Microsoft Co-editing. Below is a summary of these and other new releases. Visit the articles linked below for more details.

dYdX is a leading decentralized finance protocol that focuses on perpetual derivatives trading. dYdX focuses on investment tools like perpetual futures (a type of derivative that allows traders to speculate on the price of a crypto asset without owning it). The dYdX Chain distributes 100% of protocol fees to DYDX Stakers for bolstering the dYdX Chain’s security. Fireblocks offers secure and efficient access to dYdX’s decentralized exchange features.

Attending industry events is quite possibly one of the most important requirements of running a successful managed service provider (MSP) business. Why? On the one hand, a few days away from the day-to-day grind of running your MSP to instead network with your peers and enjoy some MSP swag seems like the perfect opportunity to unwind while staying connected. On the other (equally as important!) hand is all the great learning going on.

Note: This vulnerability remains under active exploitation, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. A critical zero-day vulnerability, being tracked as CVE-2024-24919, has been discovered and patched in a number of Check Point products. This vulnerability has a CVSS score of 8.6 assigned by Check Point and is actively being exploited in the wild with proof of concept (POC) exploits available.

One of the biggest SIEM management problems SOC teams face is that they are often overwhelmed by false positives, leading to analyst fatigue and visibility gaps. In addition to that, one of the toughest challenges in security is detecting when SaaS access tokens are compromised without adding to the false positive problem. At Elastic, the InfoSec team tackles both of these issues by automating SIEM alert investigations with tools like Tines.

Whenever a government agency, contractor, or subcontractor wants to work with a cloud service provider, they have to find one that upholds the level of cybersecurity, physical security, and authentication that the government sets as standard. Usually, agencies have two options to do this. They can work with a cloud service provider that is FedRAMP authorized, or they can work with one that is FedRAMP Equivalent.

Vulnerability scanning is a critical component of any robust Offensive Security strategy. When combined with penetration testing and Red Team exercises, they can serve as an early warning system to identify potential security weaknesses and provide an organization with the breathing room needed to implement changes before they are discovered and exploited.

This month we have something big: Our new Third Party Risk Assessment app, TPRA. And it’s now available to current customers!

Many organizations are planning to adopt passwordless authentication or are already in the process of doing so. Passwordless authentication has many benefits such as being more secure than traditional passwords, providing a better user experience, reducing helpdesk costs and enhancing productivity. Continue reading to learn more about the benefits of implementing passwordless authentication in your organization and how Keeper helps with its implementation.

Up to 94% of companies that experience severe data loss never recover, making it important for every organization to take steps to protect their data. To prevent data loss, organizations should regularly back up data, keep software up to date, store sensitive data in encrypted storage, use antivirus software, implement least privileged access and equip employees with a password manager.