Server-Side Request Forgery (SSRF) is an attack that can be used to make your application issue arbitrary HTTP requests. SSRF is used by attackers to proxy requests from services exposed on the internet to un-exposed internal endpoints. SSRF is a hacker reverse proxy. These arbitrary requests often target internal network endpoints to perform anything from reconnaissance to complete account takeover.
Organisations hit by ransomware attacks are finding themselves paying out more than ever before, according to a new report from Palo Alto Networks. The Unit 42 threat intelligence team at Palo Alto Networks teamed up with the incident response team at Crypsis to produce their latest threat report which looks at the latest trends in ransomware, and compares payment trends to previous years.
With cyber threats rapidly evolving and data volumes expanding exponentially, many organizations are struggling to ensure proper security. Implementing a solid cybersecurity framework (CSF) can help you protect your business. One of the best frameworks comes from the National Institute of Standards and Technology. This guide provides an overview of the NIST CSF, including its principles, benefits and key components.
Data protection impact assessments (DPIA), sometimes referred to as a Privacy Impact Assessment (PIA), are a tool used to describe how you intend to process and protect the personal information(PI, PII, etc) of individuals. Many forms of regulation including the GDPR and some compliance standards will require a DPIA depending on the risk levels associated with the data you are processing.
ZenGRC Designated ‘Leader’ and ‘Users Love Us’ Among GRC Platforms SAN FRANCISCO – March 25, 2021 – Reciprocity, a leader in information security risk and compliance with its ZenGRC solution, today announced ZenGRC™ earned two badges on the G2 Spring 2021 Grid Report. This marks the 16th consecutive quarter ZenGRC has been recognized by G2 in its quarterly report.
While freeware does not have monetary cost, it may come at a price. There may be limitations to freeware such as infrequent updates, limited support and hidden malicious software. Some freeware programs may have added software packages that can include malicious software such as trojans, spyware, or adware. It’s important to have additional layers of defense to provide that your environment is protected.
Extinction Rebellion (XR) is a London-based environmental group aiming at disruptive and nonviolent civil resistance. Launching their first public campaign in October 2018, XR centers their motives on resisting structures that dismiss climate change and degradation of natural resources[1]. XR has been notable in eliciting mass arrest, a Ghandian tactic that garnered them press coverage, funding, and attention from government agencies and policy bodies.
The network of interconnecting devices to exchange data popularly known as the Internet of Things is evolving rapidly in the fast-paced industry of technology. However, advancement in IoT has also taken a toll on security. IoT Systems strive to enhance productivity, efficiency, and flexibility but also invite uncalled risks to the network. IoT Security stands as the need of the hour for secure and holistic development.
Cloud-native threats have multiple implications. We are used to seeing legitimate cloud applications exploited within sophisticated kill chains, and we forget the basics: such as the risks posed by Shadow IT, like when personal email accounts are used to improperly handle corporate data. This is a very real risk right now, when users are working almost completely from home and the line between the professional and personal use of work devices is blurred.
UpGuard has launched an exciting new product called CyberResearch. This post summarizes the solution and its key features. CyberResearch is a suite of fully managed services, encompassing third-party risk and data leak detection. This world-first innovation is designed to further reduce the risk of data breaches while making it easier than ever before to scale your cybersecurity efforts.
