As organizations seek out solutions to secure their hybrid and remote workplace, some daily tasks like signing into 10, 20, or 30 applications can really interfere with employee productivity. The fatigue of remembering so many passwords for so many applications nearly always leads to undesirable password behaviors such as password re-use and choosing weak passwords, plus the annoyance of forgotten passwords and the burden of resets.

The new attack surface overview puts the changes and potential risky exposures to your attack surface front and center. But that’s not all we’ve shipped in February. We’ve improved our Azure domain connector, simplifying onboarding for those users, and sent dozens of new vulnerability tests, such as CVE-2024-27199: TeamCity Authentication Bypass and CVE-2024-21893: Ivanti Connect Secure, Policy Secure SSRF.

Navigating the internet today can be a minefield. With the rise of malicious websites, customers and employees must now think twice before clicking on unfamiliar links or sites. Attackers often try to spoof and ‘brandjack’ well-reputed organizations and lure users into giving away personal info, money or letting hackers into their systems.

If you think security is all about risk management, cybersecurity expert Greg van der Gaast thinks you’ve got it all wrong.

In the dynamic landscape of financial services, data is not just currency; it's the key to innovation and operational excellence. Data is constantly streamlining from devices, logins, transfers, transactions, and much more, and it’s bound to increase with an ongoing reliance on digital channels. This creates a massive opportunity and responsibility for financial institutions, as their customers (and regulators) demand more from banking providers.

The United States Department of Veterans Affairs (VA) is a federal agency that provides comprehensive healthcare services, benefits, and support to military veterans and their families. The VA operates a nationwide system of hospitals, clinics, and benefits offices focused on ensuring the health, welfare, and dignity of those who served in the United States armed forces.

The telecommunications sector provides critical infrastructure for many countries, enabling the exchange of information across various industries. Due to the widespread use of digital information in telecommunications, the sector has become a prime target for cyber threats from hackers, state actors, and cyber criminals. In 2023, telecommunications experienced higher credential stuffing rates than other sections, according to F5.

Earlier this week, we debuted our mini-series on the SEC’s new cybersecurity rules. In case you missed it — and, understandably, don’t have the bandwidth to backtrack — Part I explored how the (seemingly perpetual) explosion in data creation, data value, and IT complexity since the dawn of the digital age has come to shape our society. In particular, we note why these trends are responsible for our current IT predicament, namely, the rise in threats, risks, and regulations.

In this blog, we will demonstrate how Zeek’s metadata approach can help focus patching efforts related to the recent SSH “Terrapin” attack. One of the interesting aspects to bear in mind as you read this is that Zeek provides visibility of the vulnerable elements of this encrypted protocol, and thus serves as a reminder that network monitoring is still very much relevant, even in a heavily encrypted world.

In an era where cyber threats are becoming increasingly sophisticated and pervasive, securing endpoints is paramount. Microsoft Defender for Endpoint emerges as a key player in the cybersecurity arena, offering comprehensive protection against a wide array of threats. This blog post delves into how Defender for Endpoint is revolutionizing endpoint security through the use of advanced threat protection technologies.