A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Normally cloud backup is a good thing; only when it’s not….

In our new threat briefing report, Forescout’s Vedere Labs describes how it analyzed files and tools used by an affiliate of the ALPHV ransomware group during an attack. ALPHV, also known as Black Cat, is a Ransomware-as-a-Service gang that was first discovered in November 2021.

Modern software companies often provide many things at once. Their reach extends beyond a single product or service — and their security tools must match this pace. Our own Steve Kinman (Field CISO, Snyk) and Adrian Guevara (Head of Cybersecurity, Willowtree) recently held a roundtable discussion on the challenges hypergrowth organizations face with implementing code security in a rapidly moving space.

Global regulations for data privacy and cybersecurity are quickly becoming more common and more stringent. That puts added pressure on organizations to manage their risks appropriately or face potentially painful consequences. In particular, organizations around the world and across industries are experiencing high demand from regulators to implement compliance risk management.

Cybersecurity threats abound, and the pace of cybersecurity attacks is increasing steadily year after year. At the same time, consumers are also becoming more aware of cybersecurity harms, and demanding better performance from the companies with which they do business. Regulators hear that sentiment from consumers too, and are responding with ever more stringent rules for data privacy.

Last June, Forward Networks announced several enhancements to the platform designed to help SecOps teams prove compliance, automate CVE (critical vulnerability exposure) responses, and remediate threats quickly. Today, we’re happy to share that we’ve continued to build out our security use cases by adding new functionality to our security posture security matrix (previously known as zone-to-zone security matrix) and delivering Layer 7 application connectivity analysis.

You probably have some form of cybersecurity program already in place. Maybe a Norton app that scanned this page for you before you opened it. While that may be good but yet not be enough to tackle or address the evolving cyber threats in the industry. We live in an era of rampant cyber security threats. Mistakes are as easy to make as they are punishing. In this article today let us take a look at why developing a cybersecurity program is worth the cost for your business.

Information Security Management System is an international standard designed to manage the security of sensitive information. At the core, ISMS is about managing the people, processes, and technology through a risk management program. While there are many standards under the ISO2000 family, the ISO27001 Standard is the most popular and widely accepted standard in the industry.

Organizations must enact effective third-party risk management (TPRM) programs to ensure their vendors fulfill cybersecurity requirements. Otherwise, they risk carrying the financial and reputational harm caused by customer data breaches. The PCI DSS standard covers aspects of third-party risk management as it's applicable to all organizations that process credit card data, especially the heavily regulated finance industry.