SecurityScorecard Achieves FedRAMP 'Ready' Designation

SecurityScorecard is proud to announce that it has achieved the Ready Designation under the Federal Risk and Authorization Management Program (FedRAMP). This designation demonstrates SecurityScorecard’s commitment to the rigorous security standards required by the U.S. government for cloud service providers, and it will enable the company to meet growing demand from U.S. federal agencies for its Third-Party Cyber Risk Management Platform. U.S.

Navigating the cyber battleground: The vital role of network security policy management

The landscape of cyberthreats is continuously evolving, and to keep pace organizations employ robust network security strategies. This involves creating, executing, and maintaining a set of guidelines, or network security policies, on how the organization’s network should be protected from external threats. This process is termed network security policy management (NSPM) and it’s instrumental in maintaining the integrity of the network.

Cybersecurity Power Plays: Product Pairings for Stronger Security

In sports, the most successful teams master the art of strategic combinations. The same is true within the cybersecurity arena. In today’s expanding and complex threat landscape, trying to beat cyber opponents with a starting lineup of disparate point solutions is a losing strategy. How much better would your cyber defenses be with correlated threat intelligence across each of your key security solutions?

CrowdStrike Services Offers Incident Response Executive Preparation Checklist

Within your incident response plan, there typically is (or should be) a trigger to notify your executive team of an impending crisis. While many organizations believe they’ve worked out the logistics of gathering leadership on the phone, getting decisions made, and garnering their support for your proposed response plan, they often find out in the heat of an incident that the leadership team is miles apart in your understanding of what happens next.

Fireblocks enhances Payments Engine with new Dynamic Payment Flow Builder

Fireblocks is proud to announce the latest enhancement to our Payments Engine – the Dynamic Payment Flow Builder. The new point-and-click interface enables businesses to configure custom payment flows to suit their use case, or leverage our pre-built cross-border, merchant settlement, and payout flows to orchestrate instant fiat and stablecoin settlements. Best of all, no coding is involved, so operations teams without engineering resources are empowered to utilize this feature easily.

The 443 Podcast - Episode 265 - CISA's Secure by Design Whitepaper

This week on the podcast, we cover CISA's newly updated whitepaper on guidance for both software manufacturers and customers on the principals of secure-by-design and secure-by-default. Before that, we cover the Cisco IOS XE vulnerability that is under active exploitation in the wild, give an update on the EPA's efforts to regulate cybersecurity practices in water districts, and then discuss research into the latest "bullet proof hosting" options for malicious web content.

CVE-2023-20198: Actively Exploited Privilege Escalation Vulnerability in Cisco IOS XE

On October 16, 2023, Cisco published a security advisory regarding an actively exploited and unpatched privilege escalation vulnerability in the Web UI feature of the Cisco IOS XE operating system, both physical and virtual. The vulnerability could allow a remote, unauthenticated threat actor to create an account with maximum privileges (privilege level 15 access) on the affected device. Due to these factors, Cisco has given this vulnerability the maximum possible CVSS score of 10.

Top Five Free and Open Source SIEM

In an age where cybersecurity is paramount, organizations must be vigilant in protecting their digital assets and sensitive information. Security Information and Event Management (SIEM) solutions are crucial in this endeavor, as they provide comprehensive visibility into an organization’s cybersecurity posture. While there are many commercial SIEM tools on the market, the pursuit of truly free and open-source SIEM solutions is gaining traction.

Data Exposure Misconfiguration Issue in ServiceNow (Potential Public List Widget Misconfiguration)

On October 18, 2023, ServiceNow published a knowledge base article revealing that they are aware of reporting that details a potential misconfiguration issue. This issue lies in the Access Control Lists (ACL) within ServiceNow that if misconfigured could result in unauthenticated threat actors being able to access data. The issue was discovered by a security engineer at AppOmni, and was disclosed in a blog to the public on October 14, 2023.

Build a 24/7 Security Operations Center (SOC) with Free and Open Source Technologies

Welcome to our comprehensive guide on building a 24/7 Security Operations Center (SOC) using free and open-source technologies. In the digital age, protecting your organization’s information assets has never been more important. Cyber threats are constantly evolving, and organizations of all sizes and industries are vulnerable to attacks.