
TrustCloud Product Updates: October 2023

Our team has been hard at work creating updates and new features just for you. See what we’ve been up to over the last month. Beta Release: TrustCloud Third-Party Risk Assessments (TPRA). Managing and assessing vendors shouldn’t bog you down. TrustCloud TPRA helps you prove that your vendors meet your control requirements with less time and effort. Check it out!

NoEscape Ransomware, AvosLocker Ransomware, Retch Ransomware, S-H-O Ransomware and More: Hacker's Playbook Threat Coverage Round-up: October 31st, 2023

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including NoEscape ransomware, AvosLocker ransomware, and Retch ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Compromised Online Account: What It Is and How To Prevent It

A compromised account is an account that has been accessed without the owner’s permission. Compromised accounts can happen for a variety of reasons including public data breaches, using weak passwords, failure to enable Multi-Factor Authentication (MFA) on online accounts, falling for phishing scams or having malware unknowingly installed on your device. Continue reading to learn more about compromised accounts and tips to prevent your accounts from being compromised.

Decoding Synthetic Identity Fraud in the Evolving AI Landscape

In the rapidly evolving digital landscape, artificial intelligence is a two-sided coin. Fraud protection software, like INETCO BullzAI, harnesses artificial intelligence (AI) technologies to offer fraud protection against financial criminals and cyber attackers. Conversely, fraudsters can weaponize the same technology to steal funds. A prominent example of this connection is synthetic identity fraud. This payment fraud vector often employs AI and deepfakes.

How Security Ratings Can Harmonize Cybersecurity Regulations

In July of this year, the Office of the National Cyber Director (ONCD) stated in its release of an RFI on regulatory harmonization that: “When cybersecurity regulations of the same underlying technology are inconsistent or contradictory—or where they are duplicative but enforced differently by different regulators … consumers pay more, and our national security suffers.” This is an understatement. SecurityScorecard agrees and was happy to share our comments with ONCD today.

Cyber Trust and Transparency

In cybersecurity, the terms “trust” and “transparency” are often mentioned. And while they should no doubt be a priority, they can also be difficult to quantify. Good CISOs recognize that transparency in cybersecurity isn’t a one-time effort. It’s a continuous process that involves a near-constant state of evolution. But with the right tools and systems in place, it’s possible to not only measure trust and transparency but improve them as well.

US data transfers: are they allowed?

US data transfers... are they allowed? Well. Yes. It depends... it’s complicated. Let’s get stuck in and I’ll explain all. In July this year, the EU Commission made an adequacy decision for the new EU-US Data Privacy Framework (DPF). This can be seen as Safe Harbor 3.0. Essentially, in most scenarios, data transfers from the EU to the US are now permitted without the need for other mechanisms such as Standard Contractual Clauses (SCCs).

20 Best Network Security Solutions + FAQs

The best security posture is a multi-layered security posture. Enterprise security leaders understand that no single tool or solution can provide best-in-class security to an entire organization on its own. As a result, security leaders continually invest in new security tools and platforms to address a growing list of emerging cyber threats like ransomware, credential-based attacks, and malicious insiders. However, not all network security solutions work together smoothly.

What's new in Riscosity: October

Custom Descriptions: Teams can now design custom descriptions to provide context as to why a finding was ignored, resolved or marked as false positive. Previously, teams were provided a set of out-of-the-box options for the common use cases. The new flow resembles a standard documentation process where canned and contextual responses are available to help scale internal communication.