Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As organizations across every sector come to rely more and more heavily on digital data storage, digital work platforms, and digital communications, cyber attacks are becoming increasingly common. Enterprising cyber attackers see opportunities abound with the widespread digital transformation across industries. Social engineering cyber attacks present a particularly potent threat to organizations.

On July 12th, 2023, SonicWall published a security advisory detailing fifteen security vulnerabilities in Global Management Suite (GMS) and Analytics. Among these vulnerabilities, Arctic Wolf has highlighted four in this bulletin which received a Common Vulnerability Scoring System (CVSS) rating of critical. The following vulnerabilities can allow an unauthenticated threat actor to view, modify, or delete data that the application is able to access.

Any organization or agency that receives federal tax information (FTI) is now required to prove that their data protection policies meet IRS 1075 compliance standards. That means federal, state, county and local entities – as well as the contractors they employ – all fall within this scope.

Fortra’s Core Security recently released its 2023 Pen Testing Report, and there’s plenty to see. In this year’s report, IT decision-makers can learn what their peers are saying about why they pen test, how often they pen test, and whether or not they’re pen testing in-house, among other topics. Each year, Core Security collects and produces some of the industry’s most relevant data on the state of pen testing today.

The rapid growth of the gaming industry over the past 20 years has attracted undesired attention from hackers and cybercriminals, making it imperative to address the risks and vulnerabilities that can compromise the security of gaming apps. To better prepare against future attacks, you need to know what are the exact online gaming risks. In this article, we will explore the challenges of online gaming security and highlight top key indicators of a security breach.

Be the first to receive the Cloud Threats Memo directly in your inbox by subscribing here. Charming Kitten (also known as APT35, TA453, Mint Sandstorm, Yellow Garuda) is a well-known prolific Iranian state-sponsored threat actor, particularly active through complex social engineering campaigns, against European, U.S., and Middle Eastern government and military personnel, academics, journalists, and organizations since at least 2014.

Your choice of external attack surface management software could significantly reduce your data breach risks, but only if it has the proper set of features. To learn which features to look out for in an external ASM solution, read on. Learn how UpGuard simplifies Attack Surface Management >

Effective remediation management is critical as it has the greatest positive influence on your cybersecurity risk management lifecycle. Efficient remediation ensures vulnerabilities are completely addressed, supporting compliance management efforts and a healthy security posture, reducing overall data breach risks. Poor remediation burdens security teams with avoidable incident responses, distracting them from emerging cyber threats bloating remediation backlogs.

If you are using Microsoft 365 (M365) or SharePoint and need to comply with or learn more about US export control requirements, read our 6 W’s of ITAR and EAR Compliance to help you comply with these strict U.S. regulations.

Our latest update incorporates risk evaluation built upon financial quantification. A critical component of the risk evaluation feature is the top risk matrix, which provides risk metrics for tracking, benchmarking, and reporting. By analyzing risk drivers through the ATT&CK MITRE framework’s initial vectors and event types, Kovrr provides a comprehensive breakdown that enables a detailed understanding of the likelihood and the potential of risks.