The more access rights an employee has, the more possibilities they have to misuse or abuse privileges. According to the ENISA Threat Landscape 2021 report, a third of surveyed organizations suffered from privilege abuse by insiders during the period from April 2020 through July 2021. That’s why establishing an appropriate level of privileged account management plays a significant role in ensuring your organization’s cybersecurity.

Are passwords still the most common strategy for protecting accounts in organizations? This Pulse password security survey reveals that 38% of respondents use between 4 and 6 password-protected accounts on a daily basis and 49% admit that their IT teams resolve an average of 9 password-related issues every day. The majority acknowledge that this has been exacerbated by remote working during recent months due to the pandemic.

For a variety of reasons, some more obvious than others, it’s unreasonable to expect federal and local governments to develop the software that supports their day-to-day operations. So they turn to solutions provided by private companies. This is really a win-win situation; the government gets access to best-of-breed solutions developed by experienced companies, and the vendor secures funds that help spur innovation that’s available to the public and private sector alike.

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to detect and avert potential software supply chain security threats. After validating the findings, the team reports any security vulnerabilities or malicious packages discovered to repository maintainers and the wider community.

In today’s world, businesses, economies, and lives are connected by a complex spider web of code and software applications. This code and these applications drive e-commerce, financial transactions, and data input. They impact our ability to quickly transfer money from one account to another, to fill out an online mortgage application, and to order supplies from a vendor. The code that drives these systems is complicated. If something can go wrong, it will.

The term Governance, Risk, and Compliance (relatively known as its acronym ‘GRC’) is an integrated strategy for managing an organisation’s overall governance procedures, enterprise risk management, and regulatory compliance.

Kerberos authentication is a network protocol that secures user access to services/applications by using secret-key cryptography across client-server communications. The Kerberos network authentication protocol helps prevent hackers from intercepting passwords over unsecured networks.

The number of missing security patches in an OT system is typically very large—measured in the thousands, at least. It would be difficult and expensive for an asset owner to evaluate each missing security patch / cyber asset pair. This may be one reason we see a patch everything approach, but this is also difficult and expensive. In fact, assessments show this is rarely done even where required by policy.

If you’re a Tripwire® Whitelist Profiler customer, then you know that the software does an excellent job of executing its core functionalities. These include comparing the running state of a machine to the approved and expected configurations in your environment to stay in compliance with audit and internal policies. Although Whitelist Profiler is proficient in this regard, that doesn’t mean it can’t be improved in other capacities such as ease of use.

CISA issues ‘Shields Up’ alert to warn US companies about potential Russian hacking attempts to disrupt essential services and critical infrastructure as the Russia-Ukraine crisis escalates. Get ahead of the situation with essential information.