Latest News

Cyber Vendor Risk Management (Cyber VRM) Best Practices

Using best practices for cyber vendor risk management (Cyber VRM), organizations can identify, assess, and remediate their third-party vendor risks specifically related to cybersecurity. Organizations can utilize information attained from security ratings, data leak detection, and security questionnaires to evaluate their third-party security postures using dedicated Cyber VRM solutions.

How to Reduce False Positives in Data Leak Detection - UpGuard

According to a 2021 study by UpGuard, over 51% of analyzed Fortune 500 companies were unknowingly leaking sensitive metadata in public documents - data leaks that could be very useful in a reconnaissance campaign preceding a major data breach. Without timely detection solutions, all corporate (and personal) accounts impacted by data leaks are at a critical risk of compromise, which also places any associated private internal networks at a high risk of unauthorized access and sensitive data theft.

Cloud security fundamentals part 2: Prevention and secure design

In our previous blog breaking down The 5 Fundamentals of Cloud Security, we discussed the importance of knowing your environment. Teams need to have a comprehensive inventory of their cloud environments to have a clear understanding of the security risks that might exist within. With that in mind, let’s explore the importance of vulnerability prevention and secure design working together to keep threat actors from gaining meaningful access to your organization’s cloud control plane.

How to Secure your Design IP in your PLM environment

The loss of data in any form is detrimental to an organization’s growth. However, the loss of IP in the form of CAD files perhaps is tantamount to ringing the death knell. In the world of manufacturing and high-tech companies the most critical IP, such as details of either mature products or yet-to-be patented prototypes, is represented as constructional drawings typically stored as CAD files. Consider, for example, the case of Apple losing its IP.

Cryptography Made Simple: What You Need To Know and Why It's So Awesome

When you browse the web, use social media, or shop online, you probably don’t think about how your personal information is being safeguarded. However, with so many cyberattacks hitting the news on a frequent basis, this is something that should concern you. You see, hackers can gain access to your personal information if it isn’t properly encrypted and safeguarded. Thankfully, cryptography is here to save the day.

Learnings from the Optus Breach

Before we delve into the reasons behind the Optus breach, let’s see the chronology of events. According to various reports, Optus customer data was accessed via an API interface that was not secure. Apart from the unauthenticated API, there was another serious issue related to easily enumerated IDs (identifiers). These are foundational controls that were found lacking in the API implementation.

How to Build a DeFi App: A Modern and Reliable guide for 2022-2023

More and more companies are eager to enter the field of decentralized finance (DeFi) as the financial industry transitions to the digital era. However, what is DeFi app development, and how do you begin? You will learn everything you need to know about how to build a DeFi app in 2022-2023 from this guide!
Sponsored Post

Monitoring Transaction Log Files for PCI compliance

File Integrity Monitoring, aka FIM, is a must-have feature for anyone in charge of security. With FIM, one can detect when a critical file, such as a file that belongs to the Operating System, or a key configuration file, is changed. In most cases, configuring FIM is straightforward: if the file changes, then generate an alert.

Image scanning for GitLab CI/CD

Scanning a container image for vulnerabilities or misconfigurations on your GitLab CI/CD using Sysdig Secure is a straightforward process. This article demonstrates a step-by-step example of how to do it. The following proof of concept showcases how to leverage the sysdig-cli-scanner with GitLab CI/CD. Although possible, this procedure is not officially supported by Sysdig, so we recommend checking the documentation to adapt these steps to your environment.

CrowdStrike Enables Federal Departments and Agencies to Meet CISA Operational Directive 23-01

In support of the Executive Order on Improving the Nation’s Cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) recently published Binding Operational Directive (BOD) 23-01, designed to improve cybersecurity for the Federal Civilian Executive Branch (FCEB) enterprise and their respective unclassified assets.