Latest News

Simplify Compliance for FFIEC-NCUA

Financial service organizations face a growing challenge. Their customers expect 24×7 access and self-service convenience, meaning these organizations must move to the cloud and embrace new technologies. However, those moves also expand their attack surface, increase cyber risk, and make achieving and maintaining compliance more challenging.

CVE-2024-6327: Critical RCE Vulnerability in Progress Telerik Report Server

On July 24, 2024, Progress published a knowledge base article disclosing a critical vulnerability (CVE-2024-6327) impacting Telerik Report Server, a product by Progress designed for streamlined report management within organizations. This vulnerability can lead to remote code execution (RCE) due to the deserialization of untrusted data. Arctic Wolf has not identified a publicly accessible proof of concept (PoC) exploit or active exploitation of this vulnerability. However, most notably.

PII vs. SPI: Key Differences and Their Importance

Personal Information (PI) encompasses any data that can identify an individual, either directly or indirectly. This includes basic information such as names and addresses. It also includes more specific details like Social Security Numbers (SSN) and biometric data. Understanding the difference between Personally Identifiable Information (PII) and Sensitive Personal Information (SPI) is crucial for effective data protection.

CISO Webinar Outlines Trustwave's Journey to Adopting Microsoft E5 Security Offerings

The decision on whether to implement the Microsoft Security offerings available with the Microsoft 365 E5 license certainly involves deep security discussions, but it's also a business decision. In that respect, this process allows security leaders to engage with their CFO and other business leaders to elevate conversations.

Stargazer Goblin's Fake GitHub Accounts and Malware Distribution Tactics

In a significant development in cybersecurity, the threat actor known as Stargazer Goblin has established a complex network of fake GitHub accounts to facilitate a Distribution-as-a-Service (DaaS) operation. This network, comprising over 3,000 inauthentic accounts, has been actively spreading various information-stealing malware and generating $100,000 in illicit profits over the past year.

Avoiding downtime: modern alternatives to outdated certificate pinning practices

In today’s world, technology is quickly evolving and some practices that were once considered the gold standard are quickly becoming outdated. At Cloudflare, we stay close to industry changes to ensure that we can provide the best solutions to our customers. One practice that we’re continuing to see in use that no longer serves its original purpose is certificate pinning.

Navigating PCI DSS 4.0: Your Guide to Compliance Success

The transition to PCI DSS 4.0 is here. The transition period from PCI DSS 3.2 ended on March 31, 2024, so businesses in all sectors must focus on aligning their practices with the new requirements. This blog will guide you through the key points discussed by PCI experts Steven Sletten and Jeff Hall in a recent webinar held by Fortra, "PCI 4.0 is Here: Your Guide to Navigating Compliance Success."

Knowing your Enemy: Situational Awareness in Cyber Defenses

Most homeowners know that a lock is a good idea as a basic defense against invaders, and leaving the front door unlocked is simply unwise. Unfortunately, when it comes to creating a strong cyber defense it’s not that simple. Attackers have been evolving their intrusion techniques over decades, focused on one goal, relentlessly probing for weaknesses to enter your domain.

Strengthening Cyber Resilience in the Defense Industrial Base

The Defense Industrial Base (DIB) consists of over 100,000 companies that provide materials or services to the United States Department of Defense (DoD). These companies provide products needed to defend the nation and are a critical part of the DoD supply chain. DIB companies range in size from large, well-known defense contractors, like Lockheed Martin, Boeing and Northrop Grumman, to small and medium-sized enterprises that provide specialized products and services, such as drones and military vehicles.

Cato Networks Surpasses $200M ARR and 2,500 Customers: Here's Why

When Cato Networks was launched and we onboarded our first customers, we were exhilarated to share the disruptive innovation that has turned into an incredible opportunity. Enterprises had become too complex, with many point solutions requiring assessment, integration, deployment, and maintenance. Cato was the remedy to that complexity.