Third-party risk management (TPRM) is the structured process of identifying, assessing, and mitigating risks posed by external vendors, suppliers, and service providers. These risks can include cyber threats, data breaches, regulatory violations, and financial instability, all of which can severely impact your organization’s security and compliance posture.

On September 26, 2024, four critical vulnerabilities, CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177, were disclosed in the open-source printing system Common Unix Printing System (CUPS) and its components. Attackers can leverage the remote code execution (RCE) and input validation vulnerabilities as part of an attack chain.

In recent years, Telegram has emerged as a popular messaging platform among cybercriminals, driven by its combination of simplicity, security, and efficiency. Telegram's encrypted messaging capabilities, real-time communication, and the ability to send large data files make it an ideal platform for cybercriminal activities, making it an attractive alternative to traditional underground forums.

In recent weeks, reports have surfaced regarding a significant breach involving Cisco, exposing sensitive data from various organizations. This blog post delves into the details of the breach, the compromised data, the implicated companies, and the methods used by attackers to gain access to such critical information.

October 1st marks the start of Security Awareness Month. A global campaign launched two decades ago to improve cyber security awareness and equip people with the knowledge and resources they need to be secure online. But what impact has this campaign truly had in the workplace? Yes, it spotlights the issue and boosts high-level awareness of threats like phishing.

In the context of cloud security posture management (CSPM), custom controls are policies or rules that give security teams the flexibility to create and enforce policies. These are needed to manage posture, tailor compliance measures, and detect misconfigurations across infrastructures like Kubernetes, containers, and the cloud.

API security is a critical concern for industries that are undergoing digital transformation. Financial services and insurance sectors are particularly vulnerable due to the increasing number of APIs they need to manage. As early adopters of digitalization, these sectors face unique challenges requiring a customized API security approach.

At Foresiet, our mission is to help businesses stay informed about emerging cybersecurity risks. One of the latest and most dangerous threats is Interlock ransomware, a variant that has made waves on the dark web. This ransomware group claims to be more than just extortionists, positioning themselves as enforcers of accountability for companies that fail to adequately protect customer data and intellectual property.

CVE-2024-23113 is a critical (9.8) Fortinet FortiOS vulnerability allowing remote, unauthenticated attackers to execute arbitrary code or commands using specially crafted requests. The flaw uses an externally-controlled format string vulnerability in the FortiOS fgfmd daemon.

Virtual machines (VMs) running on cloud-native platforms like OpenShift Virtualization require robust backup and recovery solutions to avoid downtime and data loss. However, many organizations struggle with the complexities of backing up VMs in hybrid and multi-cloud environments, especially when managing infrastructure at scale.