In the course of a major research rollout like my recent whitepaper on KEV vulnerabilities, I frequently end up doing some bit of analysis that doesn’t make it into the final doc. Usually, it is because I am dealing with limited space and attention spans, and I gotta stop sometime. The stuff that gets cut is usually not terribly compelling or surprising or is maybe more an artifact of the particular bias in our sample or is only interesting to a very small audience.

OpenSSH server is currently exposed to a dangerous vulnerability that, if exploited, could grant cybercriminals full system access without user interaction. This post provides an overview of CVE-2024-6387 and suggests remediation responses to mitigate its impact.

Cybersecurity expertise is notoriously absent from the boardroom. Only last year, a market analysis found that a mere 12% of US Fortune 500 companies have a board member with adequate knowledge of cyber risk management. However, increased cybersecurity regulations, coupled with heightened cyber event costs, have begun to highlight the need to rectify this void as soon as possible.

Continuous controls monitoring (CCM) is a crucial aspect of making GRC processes more automated, accurate, and actionable through technology. It helps organizations transition from inefficient point-in-time checks to automation-driven compliance controls that provide a real-time view into their security posture. That’s why many proactive risk management teams are already prioritizing control automation for their GRC program.

Are you aware of cyber risks in DevOps and how they can impact your business? Turn on the DevOps Backup Masterclass Podcast to join our host ⁠Gregory Zagraba⁠ and explore the biggest cyber threats to DevOps environments, including GitHub, GitLab, Bitbucket, and Jira with an ultimate review of the Top 2023 risks.

It seems like such a short time ago that the Security Standards Council released the newest version of the Payment Card Industry Data Security Standard (PCI DSS). It has been a full year, and version 4.0 is now in effect. Industries that adhere to the Standard were given the year to implement the new changes.

The goal of every vulnerability management program is to reduce the risk posed by vulnerabilities that exist in the organization’s environments. You can achieve this goal in two ways. The first is to move faster, remediating vulnerabilities faster than they can arise. The problem with this approach is that it doesn’t work. It is inefficient, expensive, and impractical. There are simply too many vulnerabilities.

AI isn’t what’s going to be the hot topic of the next year; it’s going to be data breaches in the supply chain and the cost that companies face by not reacting quickly to this emerging threat. The cyber attack on Change Healthcare, one of the world’s largest health payment processing companies, illustrates this point. Change Healthcare was a clearing house for 15 billion medical claims annually—accounting for nearly 40% of all claims.

AI isn’t what’s going to be the hot topic of the next year; it’s going to be data breaches in the supply chain and the cost that companies face by not reacting quickly to this emerging threat. The cyber attack on Change Healthcare, one of the world’s largest health payment processing companies, illustrates this point. Change Healthcare was a clearing house for 15 billion medical claims annually—accounting for nearly 40% of all claims.