Continuing our OT:ICEFALL research, Vedere Labs has disclosed three new vulnerabilities affecting OT products from two German vendors: Festo automation controllers and the CODESYS runtime, which is used by hundreds of device manufacturers in different industrial sectors, including Festo.

As threats have continued to evolve, enterprises have made significant investments in security infrastructure and security operations is maturing. C-Suites and Boards are increasingly involved in security decision making and studies show that they are doubling down on security investments, which are expected to grow from $262.4 billion in 2021 to $458.9 billion in 2025.

Zero trust is a security approach which replaces the traditional network edge. Since network resources can be anywhere – on-premises, in the cloud, or a hybrid of both – zero trust is built towards an identity-centric approach. This places people and resources at the heart of the security architecture.

Many people remember where they were during historic events. Whether it is a personal, or a public occurrence, it’s just human nature to remember these significant moments. Every profession also has its share of memorable events. In medicine, those who were in the profession will remember where they were when they heard about the first heart transplant or the discovery of a cure for a particular disease. In cybersecurity, there are similar events that stick in the mind.

Commando VM is a testing platform that Mandiant FireEye created for penetration testers who are more comfortable with the Windows operating system. Windows Commando VM is essentially the sister to Kali Linux, a Linux testing and malware analysis platform widely used by the penetration testing community. These security testing platforms are packaged with all the common solutions and scripts that a pentester would need for offensive testing.

Multi-factor authentication (MFA) is a great way to increase both on-premises and cloud security. With MFA in place, when a user logs on, they are required to provide not only their user ID and password but another authentication factor, such as a code sent to their phone. This process reduces the attack surface by preventing adversaries with stolen user credentials from logging on. However, MFA is not a cybersecurity panacea.

Cyber insurance is a necessity in today’s cybersecurity landscape, especially in the wake of widespread ransomware attacks on commercial businesses of all sizes. A cyber insurance policy enables companies to transfer the cost of recovering from cyber incidents. In the event of a data breach, your cyber insurance policy can cover the costs of damages to others, profits lost if your network goes down, and the cost of negotiating ransomware.

Amazon Security Lake allows customers to build security data lakes from integrated cloud and on-premises data sources as well as from their private applications. Directing your security telemetry into a unified data lake makes it easier to manage, analyze, and route security-log and event data to third-party SIEM solutions that leverage that telemetry.

Google Drive is an integral part of Google Workspace (formerly known as G Suite). With over 6 million customers and over 2 billion monthly active users, Google’s platform is the world’s largest collaboration tool for companies both large and small. In Google Drive, employees across the world create, edit, and share files on a daily basis. This, however, does not occur without the risk of data leakage.

As with most SaaS applications, within Salesforce it is your organization’s responsibility to determine whether Salesforce’s default security settings meet your specific security and compliance obligations. Read this online guide, for free, to learn about the problem of data exposure in Salesforce and how to ensure compliance with HIPAA, PCI, and other leading industry standards while storing sensitive data in Salesforce.