How US federal agencies can better meet advanced event logging requirements Recently, the US Government Accountability Office (GAO) released a study tracking US federal agencies’ progress on meeting the requirements set out in OMB M-21-31. Released in 2021, the Office of Management and Budget (OMB)’s M-21-31 memorandum provided guidance and requirements for federal agencies in order to improve centralized visibility into logging data before, during, and after cybersecurity incidents.

The benefits of hyperautomation are well documented. But it can be challenging to determine where to get started. Maybe you’ve been burned by outdated and antiquated solutions, like legacy SOAR, that were so complex, costly, and time consuming that a path forward seemed impossible. At Torq, the journey to true hyperautomation is a three-phased approach that will transform your security posture and result in more than 90% of SOC processes automated.

GDPR, or the General Data Protection Regulation, is a data privacy law that many businesses around the world need to comply with. If you’re operating a business or managing a website, it’s important to know how the law applies to you and your website’s data collection processes. In this blog post, we’ll answer some fundamental questions about GDPR and provide guidance on how to get your website GDPR compliant. ‍

On December 18th, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) issued an urgent advisory to highlight the ongoing malicious activities being conducted by the Play ransomware group.

Endpoint detection and response (EDR) tools are essential for safeguarding an organization’s endpoints, such as computers, servers, and mobile devices. With adversaries leveraging increasingly sophisticated techniques, choosing the right EDR solution that fits your organization’s needs is more critical than ever. The challenges, requirements, and risk tolerances of any business are crucial factors in selecting the most suitable tool for your specific IT environment.

Addressing Common Vulnerabilities and Exposures, known as CVE patching, is a practice of applying updates to software (patching) to address security vulnerabilities. CVE patching is your shield against the threat of malicious actors exploiting such weaknesses and is of crucial importance for every organization’s cybersecurity. This post will cover the basics of CVE patching: the roles and stakeholders, the step-by-step process, and common mistakes to avoid.

Last week, Michael Bargury and the team at Zenity published a video summarizing 6 vulnerabilities that are found in Microsoft Copilot Studio. The video highlights, in sequence, a myriad of ways that business users can create their own AI Copilots that are risky, why they are risky, and how they can be easily exploited. While I highly recommend checking out the video, this blog sets out to provide a look at why these vulnerabilities matter, and what considerations should be taken to mitigate them.

With cyber attack frequency hitting new highs, the continued evolution of threat actor tactics, techniques and procedures (TTPs), and the rapid digitization of organizations across industries, it’s become common to say that it’s not a matter of if, but when you’ll experience a cyber incident.

Staying ahead of threats requires not only innovation but also strategic partnerships and continual learning. Over the recent past, our journey has been marked by significant achievements, showcasing our commitment to excellence and collaboration within the industry.

When shopping online, you want to feel 100% sure that the service you are handing over your details is safe and secure. One of the most popular payment methods for online shopaholics is PayPal. However, is PayPal safe, and how secure is it when checking out online? Throughout this article, we will discover 15 of the most common PayPal scams and online fraud scams to watch out for and how to avoid them.