Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Just two months ago, researchers from Vienna conducted a study that revealed the abuse of dangling DNS records to hijack subdomains of numerous major organizations, highlighting the potential vulnerability of thousands of entities. The researchers targeted subdomains belonging to various government organizations, political parties, universities, media companies, and financial institutions. They managed to take control of these subdomains to demonstrate the risk associated with this vulnerability.

Two big trends are now converging that will change the way we view and implement software supply chain security and make dependency management a vital part of assuring security. Let’s look at why and how this is happening, and what it means for dependency management.

Third-party cyber risk is now one of the biggest threats today, according to many CISOs. Security leaders point to the fact that many of the recent major breaches have been a result of a single software supply chain vulnerability: SolarWinds, Log4j, and MOVEit, just to name a few.

In an era where data breaches and cyberthreats are a constant concern, ensuring the security of your network monitoring systems is paramount. The Federal Information Processing Standards (FIPS) compliance standard serves as a robust benchmark for data security. In this comprehensive blog, we’ll explore the importance of FIPS compliance and delve into how OpManager, leading network management software, adheres to these standards to bolster security for its users.

As a senior consultant I deal with customers across numerous industries and maturity levels. I am often engaged in conducting risk assessments or gap analysis aligned with common frameworks such as the National Institute for Standards and Technology’s (NIST) Cybersecurity Framework (CSF). Most, if not all, the frameworks have a few controls that focus on the organization’s backup processes and disaster recovery plans.

Patience is one of those time-dependent, and often situational circumstances we experience. Few things define relativity better than patience. Think of the impatience of people who have to wait ten minutes in a line at a gas station, yet the thought of waiting ten minutes for a perfectly brewed cup of coffee seems entirely reasonable. It can’t be about the cost, since even the smallest cup of coffee is equal to, if not more expensive than a gallon of gasoline.

In the dynamic landscape of modern web applications and organizations, access control is critical. Defining who can do what within your Cloudflare account ensures security and efficient workflow management.

ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication. “In 2023, ‘in-the-middle’ techniques are some of the most frequently-observed methods used to gain access to MFA-secured networks,” the researchers write. “They enable threat actors to intercept or bypass MFA protocols by stealing communications without the victim’s knowledge.

A new report uncovers the scope and sophistication found in just one cybercrime vendor’s business that has aided credential harvesting and impersonation attacks for the last 6 years. Normally when we talk about a Cybercrime-as-a-Service malware, toolset, or platform being behind a string of attacks, we rarely know anything more than the malicious tools that were used.

Security researchers at Check Point have discovered yet another attack that leverages legitimate web applications to host attacks in order to bypass security scanners. One of the easiest ways for a security solution to spot a phishing attack is to evaluate the webpage a malicious link takes the recipient to.