Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If your organization is like many others, its cyber exposure continues to grow over time. During the pandemic, as attackers sought to exploit unprecedented changes in work environments, 35% of cyberattacks used previously unseen malware or methods, up from the norm of 20%. And with the average enterprise using well over 1,000 cloud services, it can be very difficult to get a handle on potential vulnerabilities or to know when risks will pop up.

The U.S. Securities and Exchange Commission (SEC) this week voted to adopt new rules for how companies inform investors about cybersecurity concerns. The vote comes after years of gradually increasing guidance and scrutiny over companies’ handling of cybersecurity events and follows a lengthy comment period where companies, including CrowdStrike, provided input.

On July 28th, 2023, Ivanti released a security advisory detailing a new vulnerability affecting Ivanti Endpoint Manager Mobile which allows an authenticated administrator to perform arbitrary file writes (CVE-2023-35081).

As cloud technology continues to evolve, the demand for Kubernetes is skyrocketing. As a result, security has become a top priority for developers looking to protect their application data. That's where Transport Layer Security (TLS) comes into play. TLS is essential for ensuring a secure connection between your applications and the internet. TLS leverages asymmetric and symmetric cryptographies to keep your data secure in transit and at rest.

Vendor relationship management is a process focused on overseeing relationships with third-party vendors. Vendors can range from small independent contractors for one-time projects to multi-year business partners critical to an organization’s success. Companies rarely handle all their business in-house and independently.

The US Cybersecurity and Infrastructure Security Agency (CISA) has found that compromise of valid accounts and spear phishing attacks were the two most common vectors of initial access in 2022, Decipher reports. Valid accounts were compromised in 54% of successful attacks. “Valid accounts can be former employee accounts that have not been removed from the active directory or default administrator accounts,” CISA said.

We've reported on several Amazon scams, but for once, there is positive news. Amazon sent an email Thursday morning highlighting the top scams your users should watch out for: Prime Membership Scams Per Amazon, "These are unexpected calls/texts/emails that refer to a costly membership fee or an issue with your membership and ask you to confirm or cancel the charge.

Maximus Federal Services is a significant government contractor that helps administrate many different US government programs. The company manages programs like local healthcare, student loan servicing, and many federal services. With more than 34,300 people employed by the company and a revenue that reaches more than $4.25 billion annually, the company manages a vast store of data that includes personal and health-related data for millions of Americans.

‍ This month's release rollup includes Egnyte's AI-driven document summarization, project dashboard for Android, and Smart Cache file download improvements. Below is an overview of these and other new releases. Visit the linked articles for more details.

The U.S. Securities and Exchange Commission (SEC) announced new regulations for public companies requiring them to disclose a “material cybersecurity incident” via formal report due four business days after a company determines that a cybersecurity incident is material. This is creating a lot of buzz, with companies worried if they will be prepared.