May 13 2024 Cyber Threat Intelligence Briefing
This weeks' briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
%term
The 443 Podcast - Episode 291 - Picking Secure Technologies
This week on the podcast, we cover guidance from CISA and its international partners that guides organizations on the right questions to ask during the technology procurement process to make sure the products they buy are secure. Before that, we cover Microsoft's research into a common vulnerability impacting over 4 billion Android application installations followed by a discussion on the Tunnel Vision VPN vulnerability.
Improve Data Governance with DSPM Classification
Businesses struggle to find and protect sensitive data scattered across various sources. Manual tagging for classification is error-prone and inconsistent. Data Security Posture Management (DSPM) automates discovery, classification, and remediation – finding sensitive data, applying consistent tags, and fixing past mistakes. This ensures efficient and accurate data security, especially with ever-growing data volumes.
Secure Collaboration with DSPM Access Controls
Cloud storage is convenient but misconfigured access can expose data. Data Security Posture Management (DSPM) finds publicly accessible files and folders, fixing them to prevent leaks. It also tackles hidden risks in folder sharing by detecting sensitive information and preventing accidental oversharing. By automatically fixing these issues, DSPM keeps your cloud data secure while enabling collaboration.
Protect Data-at-Rest with DSPM Encryption
Data breaches threaten valuable info like PII and financial records. Data Security Posture Management (DSPM) with AI helps you find sensitive data and secure it. Encryption scrambles data using keys you can customize. DSPM automates encryption and enforces data protection policies to keep your information safe.
Google Cloud affected by CVE-2021-30476
CVE-2021-30476 affects HashiCorp's Terraform Vault Provider and involves incorrect configuration of bound labels for GCP (Google Cloud Platform) authentication. This issue permits unauthorized users to potentially bypass authentication mechanisms. The vulnerability stems from the Vault provider not correctly configuring the bound labels within the GCP authentication method, which could lead to improper access control.
How to Create the Asset Inventory You Probably Don't Have
This is Part 12 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts.
SecurityScorecard and Intel: Digging Past the Surface for Enhanced Protection
Threat actors have responded to better protections in the operating system and improved endpoint detection and response (EDR) capabilities by moving down the stack to find entry points with full visibility and privileges into the stack above.
RSA 2024: The Art of Possible
“The best part of RSA is all the amazing people in the community trying to make the world a safer place. It’s also very exciting to see all the innovation to make adversaries’ lives harder – competition and collaboration make us better.” – CEO & Co-Founder Dr. Aleksandr Yampolskiy The SecurityScorecard team has just returned from an incredible week in San Francisco at RSA Conference 2024!
2024 RSA Recap: Allow us to Reintroduce Ourselves
The 2024 RSA Conference has officially wrapped, and this year’s event served as the perfect backdrop for us to make our re-introduction to the industry.