%term

Q1 2024 Cyber Threat Landscape Report: Insider Threat & Phishing Evolve Under AI Auspices

May 22, 2024 By Kroll In Kroll

In Q1 2024, we saw an evolution in techniques used by attackers, some of which may point to longer term trends in the variation and sophistication of attacks faced by organizations. In particular, with regards to phishing, we saw SMS and voice-based tactics being used, which raises concern around the potential for deep fakes and AI-type technologies to further enhance the effectiveness of phishing attacks.

Read Post

Kroll

Read more about Q1 2024 Cyber Threat Landscape Report: Insider Threat & Phishing Evolve Under AI Auspices

Multiple Critical SQL Injection Vulnerabilities in Ivanti Endpoint Manager

May 22, 2024 By Andres Ramos In Arctic Wolf

On May 21, 2024, Ivanti disclosed six critical-severity SQL Injection vulnerabilities affecting Ivanti Endpoint Manager, specifically versions 2022 SU5 and earlier. These six vulnerabilities, identified as CVE-2024-29822 through CVE-2024-29827, each carry a Common Vulnerability Scoring System (CVSS) score of 9.6. They allow unauthenticated attackers within the same network to execute arbitrary code on the Core server. This disclosure was made simultaneously with the release of a security hot patch.

Read Post

Arctic Wolf

Read more about Multiple Critical SQL Injection Vulnerabilities in Ivanti Endpoint Manager

AI's Role in Securing AEC Data: Paving the Path Forward

May 22, 2024 By Nick Decker In Egnyte

In the oft-obscure world of Architecture, Engineering, and Construction (AEC), the structures we see reaching for the skyline are not just feats of design and engineering but archives of data, each rivet and beam a data point in a colossal network of information. Yet, with these digital monoliths comes an invisible vulnerability – data control, a challenge that’s upending the AEC industry.

Read Post

Egnyte

Read more about AI's Role in Securing AEC Data: Paving the Path Forward

Announcing Vanta's industry-first partnership to automate HITRUST e1

May 22, 2024 By Vanta In Vanta

Today we’re excited to announce that Vanta has partnered with HITRUST Services Corp., the leader in cybersecurity assurances, to be the first automated compliance solution for the HITRUST e1 Assessment and reseller of the HITRUST MyCSF platform. Vanta is the first pre-built solution that includes the controls, documents, and policies necessary to demonstrate your commitment to safeguarding data and protected health information (PHI) — all in a way that can be validated by HITRUST. ‍

Read Post

Vanta

Read more about Announcing Vanta's industry-first partnership to automate HITRUST e1

Top 7 Cybersecurity Trends for Enterprises in 2024

May 22, 2024 By Joseph Chukwube In Tripwire

How can an organization prepare to be cyber-resilient in 2024? The major trends to look out for seem to focus mainly on AI. While the rise of generative AI indeed poses challenges, executives should be cautious not to miss other critical trends that will shape the cybersecurity landscape this year.

Read Post

Tripwire

Read more about Top 7 Cybersecurity Trends for Enterprises in 2024

OSV Scanner vs npm-audit: A detailed comparison of SCA tools

May 22, 2024 By Liron Biam In Jit

The widespread adoption of external libraries and packages in the modern application development process introduces potential security risks that could impact the entire application. To address this, Software Composition Analysis (SCA) tools like npm-audit and OSV Scanner play an important role.

Read Post

Jit

Read more about OSV Scanner vs npm-audit: A detailed comparison of SCA tools

DFPM and DSPM: Two Steps Towards Modernizing Data Security

May 22, 2024 By Anirban Banerjee In Riscosity

Data security is evolving. This evolution is making the need to understand what is going on with your data more critical. Teams need to be able to answer questions like, where is data being stored? Which vendor or team is using it? When is sensitive data being used? Where is data being sent?

Read Post

Riscosity

Read more about DFPM and DSPM: Two Steps Towards Modernizing Data Security

Vodafone Idea becomes Industry First to achieve SOC2 Type 2 Attestation

May 22, 2024 By VISTA InfoSec In VISTA InfoSec

In a significant achievement for the Indian telecommunications industry, Vodafone Idea (Vi) has become the first Indian company to secure the SOC 2 Type 2 attestation. This significant milestone not only underscores its unwavering commitment to data security but also cements its position as an industry leader in fostering trust and transparency. The attestation was conducted by VISTA InfoSec, a global Information Security Consulting firm with offices based in the US, UK, Singapore, and India specializing in GDPR, PCI DSS, HIPAA, ISO 27001, and other types of security compliance standards.

View Video

VISTA InfoSec

Read more about Vodafone Idea becomes Industry First to achieve SOC2 Type 2 Attestation

HITRUST: the Path to Cyber Resilience

May 22, 2024 By John Salmi In Tripwire

Much has been made of cyber resilience in recent years. And with good reason: failing to bounce back quickly from a security event can have dramatic financial consequences. In early 2023, Royal Mail took several days to recover from a Lockbit cyberattack, losing upwards of £10 million in the process. However, for all the talk about resilience, the industry seems to be overlooking one of its fundamental tenets: risk management. It is, perhaps, understandable that we overlook risk management.

Read Post

Tripwire

Read more about HITRUST: the Path to Cyber Resilience

Leadership Strategies for Risk Reduction, Transparency, and Speed

May 22, 2024 By Crystal Morin In Sysdig

To respond to the increasing number of federal cybersecurity recommendations and regulations, cybersecurity leaders and their teams need to be confident in the transparency and resiliency of their security processes. The key is a strong and well documented risk management program. This is imperative for the compliance or incident audits that come with regulations.

Read Post