Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Data is the backbone of the financial services industry. Each transaction, interaction, and record hold sensitive information. This can be attacked by both internal and foreign attacks. In today’s highly regulated world, financial institutions must make considerable efforts to safeguard their data and comply with regulations such as GDPR, PCI DSS, SOX, and the Gramm-Leach-Bliley Act (GLBA).

As Cybersecurity Awareness Month 2024 draws to a close, let’s take a few minutes and cover one more topic. The need to be cybersecurity aware 24/7/365. Attacks happen all day every day so having cybersecurity as a top-of-mind subject for just a month out of the year means that for the other 11 months, attackers have the advantage. Here are just a few reasons organizations and their employees need to remain hyper vigilant.

You can’t do large-scale business in 2024 without having a successful, well-run IT infrastructure. Arguably, it’s difficult to do any sort of business well (large or small) without tuning your IT capabilities to your business objectives. This allows them to work as one, not against each other. COBIT is a framework created by ISACA (International Systems Audit and Control Association) to do this very task.

Security configuration management (SCM) is all about making sure your security systems do what you think they’re doing. In tennis, there is something called an unforced error. This is when a player loses points for a mistake they made themselves, not due to the skill of the other opponent. In a big way, security misconfigurations are those unforced errors on the security side or instances in which we give attackers a free win. Let/node/29512/’s stop that.

Privileged Access Management (PAM) is a comprehensive methodology for managing and securing privileged accounts—those that possess elevated permissions to perform critical functions within an organisation’s IT infrastructure. These accounts enable access to sensitive data and systems, making them highly attractive to cybercriminals. The core objective of PAM is to ensure that only authorised personnel have access to these accounts, under strict monitoring and control.

As large language models (LLMs) become more advanced and are granted additional capabilities by developers, security risks increase dramatically. Manipulated LLMs are no longer just a risk of ethical policy violations; they have become a , potentially aiding in the compromise of the systems they’re integrated into.

The new discovery service, delivered by the CyberArk Identity Security Platform, introduces new capabilities and streamlines the scanning of environments containing *nix, Windows and MacOS target machines. The new service offers SaaS-based flexible scans, local accounts discovery based on endpoint agents, data collection and enhanced automation using Discovery rules.

The publication of the final program rule for the Cybersecurity Maturity Model Certification (CMMC) Program, 32 CFR Part 170, in the Federal Register on October 15, 2024, was an important milestone toward ensuring the confidentiality of sensitive defense information and stemming the theft of that information by foreign adversaries. The rule becomes effective and the CMMC Program comes into existence on December 16, 2024.

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from October.