In the intricate healthcare ecosystem, cybersecurity is akin to the human immune system – a vital defense that safeguards the body from external and internal threats. Healthcare cybersecurity is essential for protecting patient data, ensuring medical service availability and maintaining compliance across the medical industry. The future of healthcare is increasingly digital, and its security depends on the strength of identity security measures.

ADC vendor landscape is experiencing a significant change as a result of acquisitions and shifting portfolio priorities among the two largest ADC vendors. That is bringing about uncertainty with customers who have relied on these vendors for their mission-critical application infrastructures. Businesses are built on applications, and for digital-first businesses, they are critical for driving revenue and delivering a positive customer experience.

The last time we wrote about open source software (OSS) for security, we explored how community-driven innovation addresses security problems stemming from the rapid pace of business-driven technological advancements. We posed the question: Can open source security solutions adequately secure and protect the OSS that modern businesses depend on?

When former University of Tennessee women’s basketball coach Pat Summitt retired in 2012, she had more wins than anyone in college basketball history. And yet, when asked about winning, the Vols legend is famously quoted as saying: “Winning is fun … Sure. But winning is not the point. Not giving up is the point. Never letting up is the point. Never being satisfied with what you’ve done is the point.”

Onboarding is perhaps the most precarious phase of the Vendor Risk Management process. A single oversight could expose your organization to dangerous third-party security risks, increasing your chances of suffering a data breach. This post explains how to bolster the most vulnerable access points of the vendor onboarding process to help you securely scale your VRM program.

Digital compliance has become a significant focus for any organisation providing or consuming digital products and services in Europe. With the continuous evolution of digital technology, businesses increasingly struggle to stay on the right side of the law and operate resiliently. So, strategic navigation is crucial.

Last week, CISA added CVE-2024-1086 to its Known Exploited Vulnerability Catalog. CVE-2024-1086, a use-after-free vulnerability in the Linux kernel’s netfilter, was disclosed on January 31, 2024 and assigned a CVSS of 7.8 (High). If successfully exploited, it could allow threat actors to achieve local privilege escalation. While there was no evidence of active exploitation at the time of disclosure, we have since observed adversaries targeting CVE-2024-1086 in the wild.

Vendor Risk Management encompasses a wide range of cybersecurity risk factors. As such, a VRM report design could range from highly detailed to concise, depending on the specific reporting requirements of stakeholders and the board. This list represents the most comprehensive scope of third-party risk management information to fit the broadest range of VRM reporting use cases.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Perhaps the most popular of gig ticketing systems has notified a breach. Not great…

CrowdStrike is constantly researching, working and innovating to stay at the cutting edge of threat detection and response. Recently, these efforts include EMBERSim, a large-scale dataset developed to address limitations in binary code similarity (BCS), improve malware detection and facilitate future work in this area.