In today's interconnected business landscape, Third-Party Risk Management (TPRM), sometimes called vendor risk management (VRM), is a critical cybersecurity strategy for organizations aiming to safeguard their operations and reputation. With most companies increasing their reliance on external vendors and service providers, managing and mitigating risks associated with these third-party relationships is paramount.

Trustwave is proud to announce that it has signed the Cybersecurity and Infrastructure Security Agency (CISA) Secure by Design Pledge, joining more than 150 other leading enterprise software manufacturers in committing to building stronger security features directly into our products.

Note: Exploitation of this vulnerability remains highly likely, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog.

For two decades or so now, web applications have been the backbone of many businesses, making their security paramount. Dynamic Application Security Testing (DAST) and penetration testing are crucial for identifying and mitigating security vulnerabilities in web application security. While both aim to enhance application security, they differ significantly in their approach, execution, and outcomes.

Welcome to this week’s Cyber Threat Intelligence Summary, where we bring you the latest updates and insights on significant cyber threats. This edition covers zero-day exploits advertised on a cybercriminal forum, a new AI threat taxonomy from Google DeepMind, and a newly identified side-channel attack method called SnailLoad.

Explore insights from CloudNativeSecurityCon 2024, including securing machine identities, digesting SLSA and GUAC, and the impact of quality documentation.

In the past, we’ve written a lot about FedRAMP certification and the way the Ignyte platform can help you with record-keeping and the overall process. We’ve largely glossed over the role that the third-party assessment organization plays, hand-waving it as a relationship you build between your chosen 3PAO and your own organization. As a certified 3PAO, however, we do have a unique insight into this process.

We are thrilled to announce the first release of powerful updates to Egress Prevent Analytics within the Egress Security Center, designed to provide deeper insights, richer data, and enhanced functionality for all our customers.

In an era of unprecedented advancements in AI, the National Institute of Standards and Technology (NIST) has released its "strategic vision for AI," focusing on three primary goals: advancing the science of AI safety, demonstrating and disseminating AI safety practices, and supporting institutions and communities in AI safety coordination.

Polyfill.js is a Javascript library that helps old browsers run new modern features which these old browsers do not support natively. The library is popular among developers for helping them offer consistent user experience regardless of the browser environment the user is using. In February 2024, a Chinese company bought the domain polyfill.io and the Github account associated with it. Since then, they’ve been serving malware via cdn.polyfill.io as pointed by the team at Sansec.