Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Analysis: A new ransomware group emerges from the Change Healthcare cyber attack

As the full scope of the Change Healthcare cyber attack and ransomware story unfolds, a new leading gang has emerged known as ‘RansomHub’. This ‘new’ group has been claiming more victims since the massive February ransomware and data breach attack. On April 8, Forescout Research – Vedere Labs obtained samples used by RansomHub affiliates in a separate incident.

Unauthenticated Out-of-Bounds Memory Read Vulnerability in Citrix NetScaler ADC and Gateway

On May 6, 2024, Bishop Fox publicly disclosed a vulnerability along with a proof of concept (PoC) exploit in Citrix NetScaler ADC and Gateway, identified as an unauthenticated out-of-bounds memory read issue in the components used for Authentication, Authorization, and Auditing (AAA).

Ascension Healthcare Compromise

On May 8, 2024, Ascension Healthcare notified business partners of suspicious activity detected within their systems. They have launched investigations and are actively working on remediation efforts. Consequently, some systems will experience interruptions during this process, such as clinical operations. Ascension is currently working with Mandiant to investigate the compromise and whether sensitive data was affected, if at all.

5 ways Vanta customers use Trust Centers to demonstrate their security

Trust and transparency are key to winning customers today. Customers and prospects of all sizes need to know how you’ll protect their data before they can do business with you — which often leads to lengthy questionnaires, long security reviews, and stretched sales cycles as they work to understand your security posture.

Strengthening ANZ's Critical Infrastructure Sectors Against Cyber Threats in 2024

As 2024 continues forward, Australia and New Zealand’s critical infrastructure sectors face significant cybersecurity challenges. Critical infrastructure (CI) sectors–encompassing energy, healthcare, transportation, water, and communication–are at a pivotal moment in their evolution. The rapid digitisation of these sectors brings not only unprecedented efficiency and connectivity but also a significantly expanded attack surface.

What is the MITRE ATT&CK framework?

As a kid, treasure hunts were fun. Someone gave you clues and a map so you could hunt down whatever hidden item they left for you. However, as a security analyst, your incident investigations often have clues but lack a map. An alert fires. You search through your vast collection of log data. You hope to find the next clue while trying to figure out the attacker’s next steps.

AI-driven Security Analytics: Attack Discovery Demo

Powered by the Elastic Search AI platform, Attack Discovery triages hundreds of alerts down to a few attacks that matter. Elastic’s AI-driven security analytics is built on the Search AI platform, which includes RAG powered by the industry's foremost search technology. The traditional SIEM will be replaced by an AI-driven security analytics solution for the modern SOC. Additional Resources.

Vendor Risk Management Examples

You understand the importance of a Vendor Risk Management strategy in mitigating the impact of third-party data breaches. However, you’re still unsure about its application to different vendor cyber risk contexts. To help you bridge this application gap and leverage the complete benefits of a Vendor Risk Management process, this post outlines three common examples of vendor security risks and how a VRM program could be tailored to address them. Learn how UpGuard streamlines Vendor Risk Management >

Creating a Vendor Risk Assessment Framework (6-Step Guide)

Vendor Risk Assessment processes form the core of a Vendor Risk Management program. As such, the efficiency of a VRM program is ultimately dependent on the design of its risk assessment processes. This post guides you through the design of an efficient vendor risk assessment framework in six steps. By implementing this framework, you can establish an efficient risk assessment workflow built upon a scalable process foundation. Learn how UpGuard streamlines vendor risk assessments >