%term

Achieving Automated TISAX Compliance

May 27, 2024 By Faisal Parkar In Tripwire

Cyberattacks on the automotive industry are becoming more sophisticated. In its 2024 Automotive Cybersecurity Report, Upstream found that 50% of all automotive cyber incidents in 2023 had a high or massive impact. Similarly, 95% of all attacks in 2023 were executed remotely, and 37% of attacker activities in the deep and dark web target multiple original equipment manufacturers (OEMs) simultaneously.

Read Post

Tripwire

Read more about Achieving Automated TISAX Compliance

Mastering SQL Injection : A Comprehensive Guide to SQL Map

May 27, 2024 By VISTA InfoSec In VISTA InfoSec

In this video we will learn about one of the most prevalent database threats today, SQL Injection attack which is a common method used by hackers to exploit vulnerabilities in web applications that interact with databases. Join us as we explore the inner workings of this malicious technique and understand how SQLMAP Tool, a powerful open-source penetration testing tool can be used to protect your data. With step-by-step examples and demonstrations, we will show how to install SQLMAP and take countermeasures.

View Video

VISTA InfoSec

Read more about Mastering SQL Injection : A Comprehensive Guide to SQL Map

What is FedRAMP? (And who needs to know)

May 26, 2024 By Richa Tiwari In TrustCloud

For SaaS applications and cloud service providers (CSPs), maintaining compliance with FedRAMP requirements is critical to the bottom line. It means the difference between working with U.S. government agencies—or not. But as one might expect from a bureaucratic process, getting FedRAMP authorization is complicated and takes time. Before starting the FedRAMP approval process, teams and company leaders must understand the required steps, prepare thoroughly, and muster their patience.

Read Post

TrustCloud

Read more about What is FedRAMP? (And who needs to know)

PCI DSS For Small Business

May 24, 2024 By Narendra Sahoo In VISTA InfoSec

In an era where digital transactions reign supreme, ensuring the security of payment card data is paramount for businesses. This is where the Payment Card Industry Data Security Standard (PCI DSS) comes into play, serving as a crucial framework for safeguarding sensitive information and protecting both businesses and consumers from the ever-present threat of cybercrime. While it is generally associated with large businesses, it is equally important for smaller ones as well.

Read Post

VISTA InfoSec

Read more about PCI DSS For Small Business

DORA Regulation: What Financial Institutions Need To Do

May 24, 2024 By Yannis Velitsikakis In Obrela

As a cybersecurity company, Obrela is vigilant in monitoring the evolving regulations and how these impact our clients, especially those in the financial sector. With the introduction of the Digital Operational Resilience Act (DORA), we see a transformative step forward in the European Union’s approach to financial cyber resilience. Here’s an overview of what DORA entails and what it means for financial entities.

Read Post

Obrela

Read more about DORA Regulation: What Financial Institutions Need To Do

Key Take Aways from RSA 2024

May 23, 2024 By Paul Davis In JFrog

The impact of the 2024 RSA Conference on security in San Francisco was beyond expectations. It was really a fantastic opportunity to meet an amazing group of individuals from all stages of the software supply chain from CISOs to researchers to development and security teams.

Read Post

JFrog

Read more about Key Take Aways from RSA 2024

How to Use the Terraform Destroy Command to Control Cyber Attack Damage

May 23, 2024 By Narendra Sahoo In VISTA InfoSec

In many cases, cutting something off is necessary to avoid bigger damage. This is the idea behind controlled infrastructure removal, the elimination of some parts of your cloud infrastructure to contain an attack or remove a potential attack surface. It is an important part of infrastructure-as-code (IaC) management and something organizations need to be familiar with as they secure their cloud environments and the apps they develop.

Read Post

VISTA InfoSec

Read more about How to Use the Terraform Destroy Command to Control Cyber Attack Damage

Guide: What is FedRAMP Tailored and What is The Difference?

May 23, 2024 By Max Aulakh In Ignyte

In the past, we’ve talked a lot about the various FedRAMP guidelines required to reach either a single Authority to Operate or a generalized Provisional Authority to Operate. One thing that can be said to be common to all of these is that, in general, you’re talking about FedRAMP Moderate Impact Levels when you discuss these kinds of standards and certification processes. This is because around 80% of cloud service providers and offerings are classified as Moderate impact.

Read Post

Ignyte

Read more about Guide: What is FedRAMP Tailored and What is The Difference?

The Need for Speed: "Material" Confusion under the SEC's Cyber Rules

May 23, 2024 By SecurityScorecard In SecurityScorecard

This week, the SEC issued a statement addressing some of the rampant confusion and inconsistencies observed under the agency’s new cyber breach disclosure rule. The statement itself addresses a technical securities law requirement, that public companies should only use Item 1.05 of Form 8-K to disclose “material” cyber breach information (instead of making voluntary or immaterial disclosures).

Read Post

SecurityScorecard

Read more about The Need for Speed: "Material" Confusion under the SEC's Cyber Rules

How to Choose the Right ASVS Level for Your Organization

May 22, 2024 By Chester Avey In SecuritySenses

The Application Security Verification Standard (ASVS) developed by the Open Web Application Security Project (OWASP) provides a robust framework for conducting penetration testing (pentesting) and security audits of web applications and infrastructure. In the evolving landscape of network security, with risks emerging in sophistication and frequency, maintaining a baseline level of compliant security procedures is highly recommended.

Read Post