Determining, dealing with, and accepting a certain level of risk will always be a top priority for the members of any C-Suite. Eliminating risk is likely not a possibility, especially when it concerns cybersecurity. Simply put, the threat landscape changes so rapidly that fully solving this problem is likely beyond our reach. That means organisations must focus on what they can control and how much they are willing to leave up to chance.

Your company’s first external audit can be a bit overwhelming. The audit firm will seek a considerable amount of audit evidence from your business – and if you want to prepare for that compliance audit in advance, there’s an equally vast amount of information available about how audits should work. Every company’s audit experience will differ, depending on the scope and the standard against which you will be audited.

In the last several days, a new info stealer known as the “Continental stealer” has gained traction in dark web forums. This stealer has the potential to become one of the more powerful participants in the InfoStealer industry, thanks to its simple and easy-to-use architecture. In this report, we will review the stealer infrastructure, features, and functionality.

In the arsenal of cyber security tools available to organizations, the penetration test is a key component. Business applications, and organization infrastructure (operating systems, databases, networks, etc.) all have potential vulnerabilities, many of which are just waiting for threat actors to exploit.

Five worthy reads is a regular column on five noteworthy items we have discovered while researching trending and timeless topics. This week, we are exploring the modern cyberthreat landscape and how crucial it is to keep up with cybercriminals’ evolving tactics and safeguard ourselves from them. The modern cyberthreat landscape is an ever-evolving and complex environment that poses significant risks to organizations of all sizes.

Discover insights from Gartner's Security and Risk Management 2023 Summit in London. Learn how CNAPP enhances protection in a complex cloud environment.

Do you need to secure high-risk access to the back end of your customer-facing apps? Yes, you do – assuming you care about cybersecurity risk, uptime or compliance with SOC II and NIST and AWS, Azure and GCP architecture frameworks. To meet compliance requirements and grow your business, you must properly secure access to the cloud services and workloads powering your SaaS app.

In an era where cyber threats are increasingly sophisticated and ubiquitous, businesses must remain vigilant and proactive in their approach to security. Cyber threat intelligence (TI or CTI) emerges as a beacon of hope, offering insights and strategies to detect, prevent, and respond to potential cyberattacks. Through this guide, we'll walk you through what TI is, different types of TI, and how it reshapes our understanding of cybersecurity.

An API Gateway is a mediator between the client and the collection of backend services. It accepts all API calls and routes them to one or more appropriate backend services. It doesn’t stop there; it aggregates appropriate data/ resources and delivers it to the user in a unified manner. Placed in front of the API/ group of microservices, the API gateway is the single-entry point for all API calls made to and executed by the app.

On October 27, 2023, Apache published a security advisory addressing that a critical remote code execution (RCE) vulnerability has been fixed in the latest updates for Apache ActiveMQ products, CVE-2023-46604. This vulnerability was rated with a maximum Common Vulnerability Scoring System (CVSS) score of 10.0, as it can be exploited remotely by an unauthenticated threat actor in low complexity attacks.