Access control is one of the most essential cybersecurity practices. Meticulous management of user access rights helps to secure sensitive data and reduces the chance of a successful attack. However, choosing an access control model relevant to your organization can be tricky. This article discusses use cases for mandatory access control (MAC) and discretionary access control (DAC) models. We also show the difference between DAC and MAC to help you choose one over the other.

This month's product updates and enhancements rollup include Issue Auto-Remediation, eTMF – optional artifacts and automatic milestones, and importing credentials from the desktop app for Microsoft Co-editing. Below is a summary of these and other new releases. Visit the articles linked below for more details.

This month we have something big: Our new Third Party Risk Assessment app, TPRA. And it’s now available to current customers!

Vulnerability scanning is a critical component of any robust Offensive Security strategy. When combined with penetration testing and Red Team exercises, they can serve as an early warning system to identify potential security weaknesses and provide an organization with the breathing room needed to implement changes before they are discovered and exploited.

dYdX is a leading decentralized finance protocol that focuses on perpetual derivatives trading. dYdX focuses on investment tools like perpetual futures (a type of derivative that allows traders to speculate on the price of a crypto asset without owning it). The dYdX Chain distributes 100% of protocol fees to DYDX Stakers for bolstering the dYdX Chain’s security. Fireblocks offers secure and efficient access to dYdX’s decentralized exchange features.

Attending industry events is quite possibly one of the most important requirements of running a successful managed service provider (MSP) business. Why? On the one hand, a few days away from the day-to-day grind of running your MSP to instead network with your peers and enjoy some MSP swag seems like the perfect opportunity to unwind while staying connected. On the other (equally as important!) hand is all the great learning going on.

Where there is money, there are cybercriminals trying to take it. This is especially true for credit unions, which deal with both financial information and the personal identifying information (PII) of every member and connected institution. They are a digital vault of data and dollars and threat actors are all too ready to crack the safe.

Note: This vulnerability remains under active exploitation, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. A critical zero-day vulnerability, being tracked as CVE-2024-24919, has been discovered and patched in a number of Check Point products. This vulnerability has a CVSS score of 8.6 assigned by Check Point and is actively being exploited in the wild with proof of concept (POC) exploits available.