Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With the changing security landscape, the most daunting task for the CISO and CIO is to fight an ongoing battle against hackers and cybercriminals. Bad actors stay ahead of the defenders and are always looking to find new vulnerabilities and loopholes to exploit and enter the business network. Failing to address these threats promptly can have catastrophic consequences for the organization.

If you were at the National Association of State Chief Information Officers (NASCIO) conference in Minneapolis last week, you might have noticed a wide array of topics that were top-of-mind for state CIOs across the United States.

In an evolving era of Artificial Intelligence (AI) and Large Language Models (LLMs), innovative tools like GitHub's Copilot are transforming the landscape of software development. In a prior article, I published about the implications of this transformation and how it extends to both the convenience offered by these intelligently automated tools and the new set of challenges it brings to maintaining robust security in our coding practices.

Penetration testing is a pre-defined set of procedures used to identify any unknown weakness in the IT infrastructure of a business. It involves attempts to exploit vulnerabilities, which may exist in services and application flaws, operating systems, risky end-user behaviour, or improper configurations, to validate the efficacy of protection mechanisms and end-user observation of security policies.

Zero trust is a philosophy and practice all about securing data across your entire network. Zero trust means trust no one — authenticate everyone. Adopting this philosophy means your organization assumes that every single user, device and service that attempts to connect to its network is hostile until proven otherwise.

Today’s guest is Charles Chu, CyberArk’s General Manager of Cloud Security, who’s spent more than a decade at the forefront of cloud security. Chu joins host David Puner for a conversation that delves into secure cloud access and the concept of zero standing privileges (ZSP), a dynamic approach to securing identities in multi-cloud environments.

In the world of professional wrestling, one thing separates the legends from the rest: their presence in the ring. Like in wrestling, the digital world demands a robust and reliable presence for the ultimate victory. Enter Cato Networks, the undisputed champion regarding Secure Access Service Edge (SASE) Points of Presence (PoPs).

Cisco has released a Product Security Incident Response Team (PSIRT) advisory regarding a zero-day vulnerability in the web UI feature of Cisco IOS XE software. Cisco has stated that the web-based user interface should never be accessible through the public internet, yet research indicates that more than 10,000 Cisco devices have been exploited by an unknown threat actor. This critical vulnerability is being tracked as CVE-2023-20198 and is currently undergoing investigation for active exploitation.

Remote work has increased the usage of Remote Desktop Protocol. However, Remote Desktop Protocol connections can have many vulnerabilities if not properly secured. The best way to secure Remote Desktop Protocol connections is by creating strong login credentials and using a secure network. This will help protect your company from cyberattacks that could compromise sensitive data.

Chicago’s health providers are prime targets for opportunistic hackers; Cook County Health is the most recently discovered victim of a cyber assault. Assailants took advantage of a third-party medical transcription service Perry Johnson & Associates, Inc. (PJ&A) provided. The attack targeted PJ&A’s systems, resulting in the exposure of numerous patient records. If hackers accessed your information during the breach, there’s still time to protect yourself.