Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This is Part 12 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts.

Threat actors have responded to better protections in the operating system and improved endpoint detection and response (EDR) capabilities by moving down the stack to find entry points with full visibility and privileges into the stack above.

“The best part of RSA is all the amazing people in the community trying to make the world a safer place. It’s also very exciting to see all the innovation to make adversaries’ lives harder – competition and collaboration make us better.” – CEO & Co-Founder Dr. Aleksandr Yampolskiy The SecurityScorecard team has just returned from an incredible week in San Francisco at RSA Conference 2024!

The 2024 RSA Conference has officially wrapped, and this year’s event served as the perfect backdrop for us to make our re-introduction to the industry.

Failure to archive a completed Trial Master File (TMF) is, to put it simply, non-compliant. Despite this fact, pharmaceutical and biotech companies are often known to drag their feet on this process. Why would such organizations expose themselves to that risk? Unfortunately, there are several common hurdles that teams face when it comes to TMF archival. In this post, we’ll walk through what those hurdles are and how to overcome them.

The ability to authenticate securely over an unsecure network is paramount in safeguarding sensitive information and maintaining trust in digital interactions. In an era where communication often occurs over public networks like the internet, ensuring the authenticity of users and data is critical to prevent unauthorized access and data breaches. Kerberos is a Windows security network authentication protocol that allows users and services to securely authenticate over a non-secure network.

Cross-Site Scripting (XSS) is a security vulnerability that allows an attacker to inject malicious code into a web page viewed by other users, usually in a script. When other users view the compromised page, the injected code can execute and steal sensitive information or perform malicious actions on their behalf. This attack typically targets web applications that allow user-generated content or input, such as message boards, comment sections, or search boxes.

Network hardening involves implementing measures such as configuring firewalls, securing remote access points, blocking unused network ports, removing unnecessary protocols, implementing access lists, and encrypting network traffic to mitigate unauthorized access and bolster the security of a network’s infrastructure. This process involves identifying and addressing vulnerabilities in device management and configurations to prevent exploitation by malicious actors aiming to infiltrate the network.