%term

GDPR Compliance Guide: A 9-Step Checklist

Sep 27, 2023 By SecurityScorecard In SecurityScorecard

With many nuances to consider, adhering to the General Data Protection Regulation (GDPR) requirements can be a daunting task. After all, the entirety of the GDPR consists of a whopping 99 Articles. Fortunately, by following a GDPR security checklist, you can help your organization ensure that all required facets of data security are covered without sifting through pages and pages of legalese.

Read Post

SecurityScorecard

Read more about GDPR Compliance Guide: A 9-Step Checklist

A Deep Dive into the Exploit Prediction Scoring System EPSS

Sep 27, 2023 By Nucleus In Nucleus

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. EPSS’s goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data.

View Video

Nucleus

Read more about A Deep Dive into the Exploit Prediction Scoring System EPSS

Overcoming Cybersecurity Headwinds Part 2: Automation and Repurposing Time Savings

Sep 27, 2023 By Vanessa Jankowski In BitSight

Welcome back to our Overcoming Cybersecurity Headwinds blog series—inspired by my latest webinar about third party risk with Marc Crudginton, CISO at Howard Hughes Corporation. In our last blog, we explored the wisdom of centrally managing cyber risk efforts across your organization and your third-party supply chain—a strategy that helps you do more with less in an era of budget constraints. Today, we dive deeper into the core of efficient Third Party Risk Management (TPRM): Automation.

Read Post

BitSight

Read more about Overcoming Cybersecurity Headwinds Part 2: Automation and Repurposing Time Savings

Combining IT and OT security for enhanced cyber risk management

Sep 27, 2023 By Irfan Shakeel In AT&T Cybersecurity

Historically, IT and OT have operated in separate worlds, each with distinct goals and protocols. IT, shaped by the digital age, has always emphasized the protection of data integrity and confidentiality. In this space, a data breach can lead to significant consequences, making it crucial to strengthen digital defenses. On the other hand, OT, a legacy of the Industrial Revolution, is all about ensuring machinery and processes run without interruptions.

Read Post

AT&T Cybersecurity

Read more about Combining IT and OT security for enhanced cyber risk management

5 Strategies to Reduce Attack Surface Exposure

Sep 26, 2023 By Olivia Bilodeau In BitSight

Bitsight was recently named an Overall Leader in the 2023 KuppingerCole Analyst AG Leadership Compass for Attack Surface Management. The report—which provides an overview and comparison of relevant vendors in defined segments—also identified Bitsight as a leader in several other categories, including Product Leader, Innovation Leader, and Market Leader. To read the in-depth report analysis, download your free copy here.

Read Post

BitSight

Read more about 5 Strategies to Reduce Attack Surface Exposure

Just How Accurate Are Security Ratings?

Sep 26, 2023 By SecurityScorecard In SecurityScorecard

Third-party cyber risk is now one of the biggest threats today, according to many CISOs. Security leaders point to the fact that many of the recent major breaches have been a result of a single software supply chain vulnerability: SolarWinds, Log4j, and MOVEit, just to name a few.

Read Post

SecurityScorecard

Read more about Just How Accurate Are Security Ratings?

Effective Cybersecurity and Risk Management Starts Here

Sep 26, 2023 By CyCognito In CyCognito

Hear first hand from Chief Technical Officer, Randy Watkins, as he explains why attack surface mapping is critical to an organization’s security posture and managing their IT assets. Learn how prioritizing security risk helps to cut through a sea of security issues and gives focus to security teams on what is critical.

View Video

CyCognito

Read more about Effective Cybersecurity and Risk Management Starts Here

BlueVoyant Digital Risk Protection

Sep 25, 2023 By BlueVoyant In BlueVoyant

Go outside the wire with our end-to-end digital risk protection solution to detect and eliminate cyber threats.

View Video

BlueVoyant

Read more about BlueVoyant Digital Risk Protection

Unpacking ISO 31010: Effective Risk Assessment Techniques

Sep 22, 2023 By Edward Kost In UpGuard

ISO 31010 is a supplementary document to the risk management standard ISO 31000. It was developed to support the risk assessment process in ISO 31000, outlining different risk assessment techniques to broaden the scope of an organization’s risk evaluation methods. This post offers a comprehensive overview of ISO/IEC 31010, highlighting the standard’s potential to increase the effectiveness of risk management strategies. Learn how UpGuard streamlines Vendor Risk Management >

Read Post

UpGuard

Read more about Unpacking ISO 31010: Effective Risk Assessment Techniques

SmokeLoader's Plugins

Sep 21, 2023 By Stanislas Arnoud In BitSight

SmokeLoader is a well-known malware family that has been around for more than 10 years. Its main purpose is to download and drop other malware families. However, SmokeLoader's operators also sell plugins that add capabilities to the main module. Those plugins allow an affiliate to collect browser data from infected computers, as well as emails, cookies, passwords, and much more. In this blog post, we'll dissect SmokeLoader's plugins that were received by an infected computer from the botnet "0020".

Read Post