Many people are turning to personal VPNs in order to avoid increasing restrictions and oversight over online browsing, but these VPNs can represent risks to personal and corporate cybersecurity.

In the modern, interconnected world, no organization is immune from a cyber attack. Indeed, most experts agree that it is a matter of “when,” not “if” an organization will be targeted by threat actors. If an attack is successful, the immediate costs — including potential ransom payments, lost revenue, and costs associated with remediation and restoration — can be substantial.

Grand View Research predict that USA demand for MSP services will double by 2030, a compound annual growth rate of 13%. It’s a similar story in most developed markets as businesses seek to outsource their non-core IT activities to experts. Such a strong sellers' market would normally mean easy growth. But MSPs cannot hope to recruit and train sufficient cyber security engineers. America has a 500,000 strong cybersecurity job gap.

As more organizations move their critical infrastructure to the cloud, ensuring security has become a top priority. This is where Cloud Security Posture Management (CSPM) comes in. CSPM solutions validate the configuration of cloud services from a security perspective, ensuring alignment with best practices and compliance frameworks such as CIS Benchmarks, PCI-DSS, NIST, and others.

Access control systems are the physical form of the layers of data, credential and identity controls underpinning the systems relied on every day. Yet, they can be an afterthought; even the most high-profile breaches of physical security systems can take years to rectify. Security Week highlights the vulnerabilities affecting Nice Linear, a widely used proprietary system in the world of smart homes. Over 2,500 individual vulnerabilities flagged in 2019 alone.

The rapid expansion of the digital landscape adds increasing complexity to cybersecurity, especially for enterprises that could have up to 100,000 vendors in their supply chain. Addressing these challenges requires implementing an Attack Surface Management (ASM) strategy tailored to enterprise businesses' unique risk profiles. This post outlines the importance of ASM for enterprises and offers a strategy for ensuring its effective implementation.

Each year, we revisit our risk rating system to ensure it best reflects the needs of security practitioners safeguarding their organizations and supply chains. For our 2024 update, we’ve made two closely related changes: we’ve recategorized some of our existing findings to make an organization’s risk profile more understandable and recalibrated our scoring algorithm to more clearly illustrate the impact of specific risks.

A recently addressed Windows MSHTML spoofing vulnerability, tracked as CVE-2024-43461, has been revealed to have been actively exploited in zero-day attacks by the Advanced Persistent Threat (APT) group, Void Banshee. Initially unmarked as exploited, Microsoft later updated its advisory to confirm that the vulnerability had been abused in attacks prior to its fix.