You understand the importance of a Vendor Risk Management strategy in mitigating the impact of third-party data breaches. However, you’re still unsure about its application to different vendor cyber risk contexts. To help you bridge this application gap and leverage the complete benefits of a Vendor Risk Management process, this post outlines three common examples of vendor security risks and how a VRM program could be tailored to address them. Learn how UpGuard streamlines Vendor Risk Management >

In part 1 of this series, we covered a lot of ground including the three converging trends that point to the need for an attack surface management (ASM) solution – the growing attack surface, attackers having more opportunities and tools to infiltrate the attack surface, and manual SecOps being slow and ineffective. We also outlined the key features you should be looking for when selecting an ASM tool.

Today, May 15, 2024, the FBI and DOJ, working alongside international partners like the NCA and New Zealand Police, have taken control of one of the major dark web forums, BreachForums. This action comes shortly after a significant data leak from the Europol portal surfaced on the forum.

The manufacturing landscape is undergoing a digital revolution, driven significantly by Industrial IoT (IIoT), cloud adoption, and remote access needs. These advancements enable manufacturing companies to unlock efficiency gains, optimize operations, and enhance collaboration, but they also introduce a raft of new cybersecurity challenges. Legacy equipment and complex network setups have always made it difficult to secure manufacturing environments.

In April 2024, a significant breach rattled the financial sector as HSBC and Barclays, two prominent banking institutions, fell victim to a data breach. The breach occurred within the infrastructure of a direct contractor working for both banks, sending shockwaves through the industry and raising concerns about the security of sensitive financial data.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Ah, so you’ve seen those random shops that pop up on unrelated domains?

Bad bots, hackers, and other malicious agents can be tracked by a huge volume of metrics – session activity, HTTP headers, response times, request volume & cadence, and more. This complexity has created a market for siloed, complex, and extremely expensive tools. In contrast, Coralogix can consume simplistic data, like CDN logs, and derive complex, dynamically changing scores. When coupled with built-in cost optimization and the wider platform features, this makes a very compelling case.

Dependency management is a broad topic encompassing, among other things, keeping an inventory of dependencies, removing unused dependencies, and fixing conflicts between dependencies. In this article, we will focus on one large part of software dependency management that devs can do easily and with great results: updating dependencies.

Sequels, bah! Usually, they are never as good as the first. Do not even speak of prequels! This is less of a sequel, and rather should be considered a continuation of the first blog. In line with the original blog, there will be a few references to Tolkien’s Lord of the Rings. So, without further ado, you have my sword, and you have my bow, and my axe, or, at the very least, some of my NIST CSF 2.0 insights.

The massive increase in cloud adoption has driven adversaries to focus their efforts on cloud environments — a shift that led to cloud intrusions increasing by 75% in 2023, emphasizing the need for stronger cloud security. Larger scale leads to larger risk. As organizations increase their quantity of cloud assets, their attack surface grows. Each asset brings its own set of security concerns.