The Center for Internet Security (CIS) team continuously release updates about cybersecurity best practices for new technologies. As of March 2023 all CIS Windows Server and Windows Workstation Benchmarks will be updated once a year to align with Microsoft’s update schedule. Major version updates that CIS will release (i.e., updating from v1.12.0 to v2.0.0) will account for significant changes in the operating system.

With this short guide we will explain how you can add data loss prevention (DLP) as code to communications services like Twilio and SendGrid in a few lines of code, helping ensure your customer communications remain compliant.

SeroXen is a new Remote Access Trojan (RAT) that showed up in late 2022 and is becoming more popular in 2023. Advertised as a legitimate tool that gives access to your computers undetected, it is being sold for only $30 for a monthly license or $60 for a lifetime bundle, making it accessible.

Exposure management in cybersecurity is a set of processes that helps organizations view their entire attack surface and understand which areas in their IT infrastructure are most exposed to cyber threats. Organizations can then take the necessary steps to reduce their cyber risk exposure through risk mitigation and risk remediation steps. Exposure management goes hand in hand with attack surface management (ASM) and threat and vulnerability intelligence.

As the new underground forum, ExposedVC, is trying to establish credibility among threat actors and the cybersecurity community in general, its admins are working hard to give some valuable leaks to attract more people. A few hours ago, the admins leaked what they claim to be the entire RaidForums DB that was taken down in 2022 by the FBI, along with the arrest of its admin Omnipotent.

Many will choose the Microsoft ecosystem and will need to become familiar with its native threat detection and response tools and understand how to extract maximum value from them. Kroll’s latest eBook, Microsoft Threat Detection and Response: Five Key Pitfalls (and How to Address Them) provides up-to-date insights to enable businesses to level up their cloud security.

Managed vulnerability scanning is a cybersecurity service that uses software, vulnerability scanners, human-led and automated penetration testing, and other tools to help an organization identify, track, evaluate, and mitigate security risks both inside their network and connected external sources. Even organizations with the most sophisticated information technology security professionals are challenged when dealing with the hundreds of new threats released into the wild each month.

As is tradition with my blog posts, let’s start off a definition of what HTTP pipelining is all about. “HTTP pipelining is a feature of HTTP/1.1 which allows multiple HTTP requests to be sent over a single TCP connection without waiting for the corresponding responses. HTTP/1.1 requires servers to respond to pipelined requests correctly, with non-pipelined but valid responses even if server does not support HTTP pipelining.

In 2016, Ivan Fontarensky, Technical Director CyberDetect & Respond at Thales, wanted to rollout a Cyber Threat Intelligence (CTI) service to continue to add value to the company’s cybersecurity products used by critical infrastructure organizations around the globe.