Third-party risk management (TPRM), also known as “vendor risk management” is the process of managing risks introduced to your business by your organization’s vendors, suppliers, contractors, and service providers. Any outside party that plays a significant part in your company’s ecosystem or supply chain is considered a third-party vendor.

A routine cloud operations task should have a routine solution. That’s why we’ve just made it a lot easier to install and maintain self-hosted instances of the JFrog DevOps Platform on AWS, through AWS CloudFormation. To further simplify the effort of self-hosting Artifactory and Xray on AWS, we’ve just published a set of AWS CloudFormation modules to the AWS CloudFormation Public Registry.

This is the third of three blogs in a series to help the energy and utility industries. You can read the first blog on Ransomware and Energy and Utilities and the second blog on Threat Intelligence and Energy and Utilities as well.

SecurityScorecard’s Investigations & Analysis team conducted an investigation into the details surrounding the USAID.gov attack. As has been previously reported, the attack has been potentially attributed to the organization commonly known as Cozy Bear, but our investigation found that the campaign is likely much larger, and began much earlier than has been reported.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. With various incident response reports showing intruders can be around for a long time before acting, this report of a 8 second exposure really brings home to what someone can get if the opportunity presents its self.

Threat hunting is emerging as a must-have addition to cybersecurity strategies. By enabling organizations to find and mitigate threats before they ever touch their networks or systems, threat hunting provides the basis for a more proactive security posture – and one that delivers higher ROI on security tools and processes. How can businesses actually add threat hunting to their security arsenals? That’s where solutions like Sumo Logic's Cloud SIEM come in.

A Virtual Desktop Infrastructure looks like a great match on paper. What’s not to like? You know where it is on Friday night, with your apps and data on your servers, not cruising the internet or making out on someone’s BYOD. It seems safe since it forces web access through the ‘house’ security stack and requires an ID check at the front door. It can be exclusively available only to users on your network via VPN, SD-WAN, or local network connection.

Following a string of 83 data breaches in 2019 alone, the United States Department of Defense (DoD) established the Cybersecurity Maturity Model Certification (CMMC). The CMMC framework is a unified national standard for improving cybersecurity. Companies in the defense industrial base (DIB) must implement CMMC requirements in order to win contracts. Read on to find out how you can achieve compliance.

If you want to automatically send Apache Kafka messages to an Email recipient or a Slack channel, it is very easy to do with our new Software Bots.

For organizations that work in or partner with the healthcare industry, HIPAA compliance is of paramount importance. Keeping a patient’s medical records and personal information safe isn’t just a matter of avoiding penalties. It’s also key to building trust with patients and, ultimately, providing great patient care. Here’s what health organizations and their partners need to know about PHI and keeping it secure.