%term

A Case Study in Vulnerability Prioritization: Lessons Learned from Large-Scale Incidents

Oct 1, 2024 By Audra Streetman In Splunk

There’s no way around it: vulnerability management is complex. As organizations become more reliant on software and applications, the sheer volume of known vulnerabilities has become more difficult to track, prioritize, and remediate. Adversaries have also become increasingly reliant on exploiting vulnerabilities in order to compromise organizations.

Read Post

Splunk

Read more about A Case Study in Vulnerability Prioritization: Lessons Learned from Large-Scale Incidents

Can I Remove My Information From the Dark Web?

Oct 1, 2024 By Ashley D'Andrea In Keeper

Unfortunately, once your information has been put on the dark web, you cannot remove it. Despite this, you can still protect your personal information and identity by changing your passwords, enabling Multi-Factor Authentication (MFA) and monitoring your online accounts for suspicious activity. Continue reading to learn how to tell if your information is on the dark web and what you can do to protect yourself if it is.

Read Post

Keeper

Read more about Can I Remove My Information From the Dark Web?

4 MSSP Trends: Differentiate Your Business with CTEM, AI SOC, and More

Oct 1, 2024 By Torq In Torq

MSSPs have huge potential for growth as more and more companies turn to experts to outsource their cybersecurity. Tailwinds such as escalating cyber threats, the need to protect more customer data than ever before, and growing compliance requirements are driving the managed security services market’s growth at a compound annual growth rate of 15.4% from 2023 to 2030.

Read Post

Torq

Read more about 4 MSSP Trends: Differentiate Your Business with CTEM, AI SOC, and More

Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594

Oct 1, 2024 By Emma Zaballos In CyCognito

CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine. The National Institute of Standards and Technology (NIST) has not yet evaluated this vulnerability’s CVSS score but HashiCorp assigned it a base score of 7.5 (high). An outside security researcher, Jörn Heissler, discovered an issue with the valid_principals field in Vault’s SSH secrets engine.

Read Post

CyCognito

Read more about Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594

Is VAPT required for ISO 27001 compliance?

Oct 1, 2024 By Indusface In Indusface

It’s considered a best practice to regularly conduct VAPT to identify and fix vulnerabilities in systems, applications, and networks, ensuring robust security.

View Video

Indusface

Read more about Is VAPT required for ISO 27001 compliance?

Seeing the Unseen: Salt Security and eBPF

Oct 1, 2024 By Eric Schwake In Salt Security

APIs are crucial in our digital world, but they also introduce new vulnerabilities. Attackers often exploit these vulnerabilities by concealing malicious payloads within encrypted traffic, rendering them undetectable to traditional security tools. As we observe Cybersecurity Awareness Month, it's important to emphasize the significance of advanced solutions that can detect hidden threats.

Read Post

Salt Security

Read more about Seeing the Unseen: Salt Security and eBPF

SaaS Security: Understanding Modern Threats and How to Guard Against Them

Oct 1, 2024 By Lookout In Lookout

The rise of cloud-based software applications has changed the way many companies operate. Leveraging SaaS platforms allows organizations to streamline their workflows and better accommodate remote and hybrid workforces. However, spreading your data throughout the cloud can leave it vulnerable — unless you have strong SaaS security practices in place.

Read Post

Lookout

Read more about SaaS Security: Understanding Modern Threats and How to Guard Against Them

New Survey Shows 40% of Respondents Never Received Cybersecurity Training From Their Employer

Oct 1, 2024 By Stu Sjouwerman In KnowBe4

Yubico has published a survey of 20,000 people from 10 countries around the world, finding that 40% of respondents have never received cybersecurity training from their employer. Additionally, 70% of respondents said they’ve been exposed to cyber attacks in their personal lives within the past 12 months, and 50% faced cyber attacks at work.

Read Post

KnowBe4

Read more about New Survey Shows 40% of Respondents Never Received Cybersecurity Training From Their Employer

Secure Cloud Access with Wiz & CyberArk: Enhance Multi-Cloud Security at Cloud Speed | CyberArk

Oct 1, 2024 By CyberArk In CyberArk

Discover how the powerful integration between Wiz and CyberArk enhances cloud security by identifying and controlling excessive cloud privileges. In this demo, you'll see how Wiz flags risky access, while CyberArk applies just-in-time privileged access for secure administrative operations in multi-cloud environments. By leveraging the principle of least-privilege, CyberArk's Secure Cloud Access ensures all sessions are monitored for compliance and audit without slowing down your cloud development.

View Video

CyberArk

Read more about Secure Cloud Access with Wiz & CyberArk: Enhance Multi-Cloud Security at Cloud Speed | CyberArk

Why Microsoft is mandating MFA for Microsoft Entra ID and Azure

Sep 30, 2024 By M365 Manager Plus In ManageEngine

Starting on Oct. 15, 2024, Microsoft Entra ID, Microsoft Intune, and other Microsoft Azure applications will require users to sign in with Microsoft Entra MFA. With increasing threats of account takeovers and large-scale phishing attacks targeting Entra ID users, this looks to be a step in the right direction.

Read Post