A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Last week’s attack on Crypto.com did in fact lead to lost currency….

As Data Privacy Day once again rolls around, we can look back at some healthy improvements when it comes to privacy that organizations made over the previous 12 months. We can also use this yearly reminder on such an important topic to look forward to the coming year to pinpoint where additional changes are needed.

Privileged Access Management (PAM) is a go-to solution to prevent privilege misuse and insider threats, and limit malware propagation. After all, properly protecting and monitoring the keys to the kingdom is always a good practice. Privileged Access Management has been even more critical in recent times. With the advent of the cloud where infrastructure is provisioned with a single API call and authenticated with a single API key, the risk of someone misusing these credentials is far higher.

As cybersecurity regulations continue to tighten their grip on vendor security, a greater weight of responsibility is expected to fall on Third-Party Risk Management Programs. So if you're currently struggling to keep up with your vendor security due diligence, your workflow congestion will only worsen if a scalable and streamline vendor risk management program isn't achieved.

The sudden shift to remote work in 2020 exposed companies to a variety of new security challenges that haven’t gone away. Review the seven most crucial areas of security for emerging remote-first organizations. Continue reading below or feel free to download a copy of this playbook. We’ll also include our free Post-COVID Security Checklist as a reference you can keep in your back pocket.

OpenBullet is a testing suite of software allowing users to perform requests on a target web application. The open source tool can be found on GitHub and is used by businesses for various legitimate purposes including scraping and parsing data and automated penetration testing. Although designed to aid security professionals, in the wrong hands OpenBullet can be abused for the opposite purpose.

Cyber Essentials is a government-backed and industry-recognised initiative which aims to raise cyber security awareness and help businesses mitigate common internet-based threats. The Cyber Essentials update is the biggest overhaul of the scheme’s technical controls since it was first launched in 2014.

Data Privacy Day (known in Europe as Data Protection Day) is an international event aimed at raising awareness about data privacy and protection practices among businesses as well as internet users. In this blog series, we’ll attempt to do the same. This first blog post will shed light on data privacy as a whole, important data privacy laws, and some data collection practices that can help you adhere to these laws.

A core challenge for threat detection engineering is reproducing common attacker behavior. Several open source and commercial projects exist for traditional endpoint and on-premise security, but there is a clear need for a cloud-native tool built with cloud providers and infrastructure in mind. To meet this growing demand, we’re happy to announce Stratus Red Team, an open source project created to emulate common attack techniques directly in your cloud environment.