Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Late last year, The Canadian Center for Cyber Security published an in-depth threat bulletin declaring it had knowledge of 235 ransomware incidents against Canadian victims from in 2021, with more than half of these victims being critical infrastructure providers. The report also explains that most ransomware events remain unreported to the Center, and—based on past findings—once targeted, ransomware victims are often attacked multiple times.

Vendors are a key part of every business and, therefore, every organization’s security. Yet, one of the biggest challenges for security and third-party risk management teams is tracking down their vendors. It’s no wonder that 65% of organizations don’t know which third parties have access to their most sensitive data. On top of that, vendor risk management teams need to worry about who their vendors’ vendors are – namely their fourth parties.

On Jan. 26, the Office of Management and Budget (OMB) published its widely anticipated final version of its zero trust architecture strategy, identifying top cybersecurity priorities for the federal government. This achievement raises the country’s cyber defense strategy to a level commensurate with the “increasingly sophisticated and persistent threat campaigns” it faces.

CHECK and CREST are two separate accreditations approved for use by the National Cyber Security Centre (NCSC), and the Council of Registered Ethical Security Testers (CREST). CHECK, which is an abbreviation of IT Health Check Service, is an NCSC initiative for protecting government and public sector systems in line with government policy.

Today, anyone can contribute to some of the world’s most important software platforms and frameworks, such as Kubernetes, the Linux kernel or Python. They can do this because these platforms are open source, meaning they are collaboratively developed by global communities. What if we applied the same principles of democratization and free access to cybersecurity?

Proofpoint Essentials MSP services leverage the same enterprise-class security that powers some of the world’s largest and most security-conscious companies for SMBs. This visibility and security give them the protection for their greatest security risk—their people. Small and medium-sized businesses (SMBs) are targeted with the same attacks as large enterprises but they often lack the personnel and financial resources to purchase and operate security solutions aimed at large enterprises.

A stored cross-site scripting vulnerability, tracked as CVE-2021-45919, was identified in elFinder File Manager. The vulnerability can result in the theft of user credentials, tokens, and the ability to execute malicious JavaScript in the user's browser. Any organization utilizing an out-of-date elFinder component on its web application could be affected.

The nature of business today is increasingly decentralized. Cloud applications are exploding. Data is everywhere. And a large number of users will continue to work remotely even post-COVID-19. While all of these things increase business agility, they also increase an organization’s attack surface. The concept of Zero Trust is generating a lot of buzz as a panacea for these new risk exposures—and for good reason.