3 Best Third-Party Risk Management Software Solutions in 2023

From U.S. executive orders to cyber regulations, prominent cybersecurity policies are increasing their inclusion of Third-Party Risk Management standards, and for good reason - every organization, no matter what size, is impacted by third-party risks. If you're looking for a TPRM software solution to enhance the efficiency of your TPRM program, this post will help you evaluate the top contenders in the market.

CMMC v2 Compliance with EventSentry

A quick overview of how EventSentry can help organizations become CMMC v2 compliant. EventSentry features actionable dashboards and reports to become and STAY compliant. But EventSentry goes beyond compliance - the monitoring and security features of EventSentry can be leveraged by any compliance framework. The result is a network that's compliant AND secure.

CVE-2023-23368 & CVE-2023-23369: Critical Command Injection Vulnerabilities in QNAP Products

On November 4, 2023, QNAP published security advisories for two critical command injection vulnerabilities impacting multiple versions of QNAP operating systems and applications related to the vendor’s network-attached storage (NAS) devices. Both vulnerabilities have been given critical CVSS scores (CVE-2023-23368: 9.8, CVE-2023-23369: 9.0) and both can lead to unauthenticated, remote threat actors executing commands if successfully exploited.

City of Huber Heights Targeted by Ransomware Attack Sunday

The City of Huber Heights is in east Ohio, north of Dayton. The suburban area has a population of around 50,000, but other populated areas are nearby. Sunday morning, November 12th, 2023, the City of Huber Heights was subject to a ransomware attack; the investigation is ongoing, as the attack disrupted many City divisions.

CVE-2023-47246: 0-day Remote Code Execution Vulnerability Actively Exploited in SysAid On-Premises

On November 2, 2023, SysAid was notified by Microsoft of a zero-day path traversal vulnerability allowing for remote code execution, which affects their on-premises ITSM solution. In the investigation conducted by SysAid, it was determined that the vulnerability was being actively exploited by a ransomware affiliate group known as Lace Tempest (DEV-0950), a group known for deploying the CL0P ransomware payload.

Tech Evolution: From Typists to Email - A Transformative Journey || Razorthorn Security

Explore the captivating journey of technological evolution in our latest video, where we draw intriguing parallels between the past and present. Our technological progress is often a reflection of the enduring patterns of innovation in history. Once upon a time, office spaces were abuzz with typists meticulously transcribing letters and documents onto paper, catering to the needs of companies and their customers.