Git is a distributed version control system that empowers developers with version control features and local repositories. In most production settings, Git is paired with a hosted service for distributed access with minimal repository configuration requirements. However, using a hosted server for source control can introduce new attack vectors in source control management (SCM). This article provides suggestions for security concerns around Git use.

American college athletics is a foundational pillar of higher education institutions and a profitable business model for universities. The National Collegiate Athletic Association (NCAA), which regulates college athletics, reported that in 2020, Division I schools earned $15.7 billion in athletics revenue. In 2023, NCAA Division I school Ohio State University reported a record-breaking revenue of over $275 million from its athletic department alone.

Third-party risk management (TPRM) software is essential for any organization that utilizes third-party providers. If not monitored and managed, third-party vendors pose significant risks to the companies they work with, including cybersecurity, operational, financial, and legal/regulatory/compliance risks. TPRM software works seamlessly to help reduce this risk and provides your organization with ongoing monitoring to address vulnerabilities before they become significant security incidents.

Cloud-based solutions are becoming increasingly common in businesses across industries. Utilizing the cloud allows organizations to seamlessly access data across devices and users, making operations more efficient using digital transformation. However, cloud solutions also present many security concerns, increasing the need for cloud security.

The National Institute of Standards and Technology (NIST) developed the NIST 800-171 framework to set guidelines and security requirements for protecting controlled unclassified information (CUI). NIST first created the framework in June 2015 but has since revised the publication several times, most recently in November 2023.

CVE-2024-0204, a critical authentication bypass exploit in Fortra's GoAnywhere Managed File Transfer (MFT) software, allows unauthorized users to create admin users and bypass authentication requirements. GoAnywhere MFT was previously targeted by the Clop ransomware group with CVE-2023-0669. Fortra released a security advisory for CVE-2024-0204 in January 2024 following their December 2023 patch release. Any use of Fortra GoAnywhere MFT versions predating 7.4.1 are affected by the vulnerability.

Industries that collect user data, such as finance, healthcare, and government, are high-profile targets for DNS attacks because the data is compelling for malicious actors. Incorporating a variety of security mitigations, including Domain Name System Security Extensions to prevent spoofing attacks, can help an organization prevent data breaches and protect its users and their data from misuse.

Modern slavery is a pervasive global issue all businesses must be aware of to ensure fair working conditions, liveable wages, and safe labor practices exist across their supply chain. Some organizations may be surprised to find out that slavery is still a global concern, as individuals often use the term in a historical context. However, this does not change the fact that victims of modern slavery continue to suffer behind closed doors around the globe.

Tracking key performance indicators (KPIs) will allow your organization to assess and elevate its third-party risk management (TPRM) program. By monitoring specific metrics over time, your risk management team will be able to reveal your TPRM program’s overall health and particular areas where personnel can implement changes to improve localized performance. According to one 2023 study, about 98% of organizations worldwide are connected to at least one breached third-party vendor.