Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cybersecurity is an essential consideration for any organization that deals in the digital sphere on any level, and the education sector is no exception. In recent years, the global pandemic and technological advances have led to a massive shift toward online learning, which has posed a number of challenges to educators and administrators. Facilitating digital education presents a logistical maelstrom that many educational institutions are not prepared to handle.

On December 7th, 2023, the Apache Struts project disclosed a significant vulnerability, CVE-2023-50164, in its Struts 2 open-source web framework. Rated at a critical CVSS score of 9.8, this flaw resides within the framework’s file upload logic. Exploiting this vulnerability empowers attackers to manipulate upload parameters, potentially leading to arbitrary file upload and, under specific conditions, code execution.

As 2023 comes to a close, we aim to inspire excellence by highlighting our customers’ dedication to a more secure world. Thanks to you, we are honored to be (for the fourth consecutive year) recognized as a 2023 Gartner® Peer Insights™ Customers’ Choice. Let’s explore some of the stories that make this recognition possible.

This is part two in our series on building honeypots with Falco, vcluster, and other assorted open source tools. For the previous installment, see Building honeypots with vcluster and Falco: Episode I.

Learn how GitGuardian helps teams effectively prioritize and coordinate remediation by gathering the right data and making progress tracking and communication easy.

In response to what Google calls “over trust” in the web address lock icon to indicate that a site is authentic and its’ communications are secure, they’ve swapped the lock out in an attempt to engage Chrome users in thinking about their own secure browsing. You may have not noticed it if you’ve updated to Google Chrome version 120, but the long-familiar lock icon is no longer.

Marketplaces such as OLVX are shifting from the dark web to the open web to take advantage of traditional web services to assist in marketing to and providing access to new customers. One of the challenges of existing on the dark web is the need to use a Tor browser and have some knowledge of how to navigate your way through the dark web’s depths. In addition, customers of dark web services may not be as readily accessible to advertising as they would be on the open web.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) has been a stalwart ally for organizations for years, providing guidance on understanding, evaluating and communicating about cybersecurity risks. The release of NIST CSF 2.0, expected in early 2024, provides a paradigm shift. This blog post provides an in-depth exploration of the structure of the NIST CSF and the key changes coming in version 2.0.

The importance of robust cybersecurity practices cannot be overstated, especially when it comes to critical infrastructure, such as the financial industry. Financial institutions, in particular, are entrusted with sensitive data and financial assets, making them prime targets for cyber threats. One crucial aspect of cybersecurity that often goes under the radar is third-party risk management (TPRM).

To understand vulnerability remediation one must first understand remediation in cyber. Remediation refers to the process of addressing and resolving security vulnerabilities or incidents that could potentially pose a threat to an organization’s information systems, data, or network.