The Domain Name System (DNS) translates domain names (e.g., datadoghq.com) into IP addresses via a process called DNS resolution. This translation facilitates all kinds of network communication, from enabling web browsers to connect to a desired page without requiring users to remember IP addresses, to internal communication across private infrastructure, such as Kubernetes environments.

Vendor risk scoring is a critical component within vendor risk management (VRM) or third-party risk management (TPRM) programs and an organization’s overall risk management strategy. Risk scoring is an integral tool in the risk assessment process, helping organizations identify, evaluate, and mitigate potential risks associated with third-party vendors or service providers.

During a recent client investigation, Trustwave SpiderLabs found a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. Our client had been searching for the Advanced IP Scanner tool online and inadvertently downloaded the compromised installer from a typo-squatted domain that appeared in their search results. Figure 1. Search results for Advanced IP Scanner may direct users to a malicious domain.

Continuous Threat Exposure Management (CTEM) serves as a strategic framework for evaluating an organization’s security posture. CTEM is specifically designed to identify and address vulnerabilities and other security gaps within an organization’s digital infrastructure. In essence, CTEM is a systematic approach to fortify cyber defenses and mitigate potential security risks effectively. Gartner, which created CTEM, sees it as a sort of Vulnerability Management 2.0.

Anyone remotely wired into technology newsfeeds – or any newsfeeds for that matter – will know that AI (artificial intelligence) is the topic of the moment. In the past 18 months alone, we’ve borne witness to the world’s first AI Safety Summit, a bizarre and highly public leadership drama at one of the world’s top AI companies, and countless prophecies of doom. And yet, even after all that, it seems businesses have largely failed to take meaningful action on AI.

There are more SaaS applications in use by businesses than ever before—and the adoption rate is only going to continue to increase. According to Netskope’s annual Cloud & Threat Report, SaaS adoption continued to rise in enterprise environments throughout 2023, with users constantly accessing new, mostly unmanaged, apps and increasing their use of existing apps.

Who doesn’t like a good bedtime story from Grandma? In today’s landscape, more and more organizations are turning to intelligent chatbots or large language models (LLMs) to boost service quality and client support. This shift is receiving a lot of positive attention, offering a welcome change given the common frustrations with bureaucratic delays and the lackluster performance of traditional automated chatbot systems.

Ever wonder how Nucleus got started? Curious to know what our CEO and co-founder Steve Carter is working on? You’re in luck. Steve joined host Chris Hughes on the Cyber Resilience podcast to talk about those topics and more. Additionally, Steve and Chris explored the process for earning FedRAMP authorization, some of the particular vulnerability management challenges government agencies are dealing with, and why risk-based vulnerability management resonates with the government community.