Third-party risk management (TPRM) is the structured process of identifying, assessing, and mitigating risks posed by external vendors, suppliers, and service providers. These risks can include cyber threats, data breaches, regulatory violations, and financial instability, all of which can severely impact your organization’s security and compliance posture.

On October 9th, 2024, five vulnerabilities were disclosed by Palo Alto Networks: These vulnerabilities affect Palo Alto Networks Expedition, a tool that manages configuration migration from supported vendors to Palo Alto Networks systems.

On September 26, 2024, four critical vulnerabilities, CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177, were disclosed in the open-source printing system Common Unix Printing System (CUPS) and its components. Attackers can leverage the remote code execution (RCE) and input validation vulnerabilities as part of an attack chain.

CVE-2024-23113 is a critical (9.8) Fortinet FortiOS vulnerability allowing remote, unauthenticated attackers to execute arbitrary code or commands using specially crafted requests. The flaw uses an externally-controlled format string vulnerability in the FortiOS fgfmd daemon.

Virtual machines (VMs) running on cloud-native platforms like OpenShift Virtualization require robust backup and recovery solutions to avoid downtime and data loss. However, many organizations struggle with the complexities of backing up VMs in hybrid and multi-cloud environments, especially when managing infrastructure at scale.

File hosting services enable business email compromise (BEC) attacks, Mamba 2FA threatens global organizations, and the Dark Angels ransomware group conducts targeted attacks.

In the ever-evolving landscape of cybersecurity, IT practitioners stand as the first line of defense against an increasingly sophisticated array of threats. Their role in safeguarding critical assets, data, and infrastructure has never been more crucial. But as the complexity and frequency of cyber attacks escalate, these professionals often find themselves overwhelmed by an ever-growing list of responsibilities and tasks.

Context switching can be security’s worst enemy. Today’s security practices require developer buy-in, and when security teams require developers to deviate from their established workflows to address issues, adoption becomes far less likely. To truly empower developers to find and fix vulnerabilities within their code, security teams must shift security even further left. It’s not enough to simply provide user-friendly tools and training around them.

Most computer systems and applications use passwords as a common authentication method. The simplest way to implement authentication is to store a list of all valid passwords for each user. The downside of this method is that if the list is compromised, the attacker will know all the user passwords. A more common approach is to store the cryptographic hash value of the password phrase.

The second most popular OS in today’s business environment, macOS, is often neglected in cybersecurity discussions. This is likely due to Windows OS holding a dominant share (72.1%) of the global workstation market and Linux (4.03%) running critical parts of IT infrastructure. This often leaves macOS excluded from the conversation.