Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Whether you're expanding use cases, adding new vendors, or scaling the scope of your offerings, you need to keep apprised of potential security risks impacting your organization. UpGuard has added the SIG Lite questionnaire to our Questionnaire Library, making SIG available to help UpGuard customers evaluate third-party risks and potential vulnerabilities in your vendors' security policies.

Network segmentation or segregation is a network architecture practice used by network security personnel to divide an organization’s computer network into smaller subnets. Each subnet or network segment forms its own smaller network. By segmenting an organization’s network, personnel can better control the traffic flow between subnets, improve security policies, and make it more challenging for unauthorized users to access sensitive data and critical parts of the network.

Every website needs to be set up with a cloud service provider, but what about your other CSP: Content Security Policy? The Content Security Policy (CSP) is a standard provided in an HTTP response header that helps prevent cross-site scripting attacks (XSS), clickjacking, packet sniffing, and malicious content injection on the client side of your web page. Configuring the header will enable a CSP with the directives you supply to control how a user agent loads resources on your site.

‍Cybersecurity has become crucial for businesses and government entities in today's ever-changing digital landscape. While various frameworks and guidelines are available, the Australian Signals Directorate's "Essential Eight" is an effective and practical approach to strengthening an organization’s security against cyber attacks and threat actors.

When organizations hear “third-party risk management,” they often consider the processes needed to mitigate risks when working with a third-party vendor. These can include procurement risks and risks associated with starting new vendor relationships, often referred to as "onboarding,”—but what about when a working relationship ends?

Cisco has released a Product Security Incident Response Team (PSIRT) advisory regarding a zero-day vulnerability in the web UI feature of Cisco IOS XE software. Cisco has stated that the web-based user interface should never be accessible through the public internet, yet research indicates that more than 10,000 Cisco devices have been exploited by an unknown threat actor. This critical vulnerability is being tracked as CVE-2023-20198 and is currently undergoing investigation for active exploitation.

The Sender Policy Framework (SPF) is an email authentication protocol that specifies email authorization through Domain Name System (DNS) records. When an email is sent through the Simple Mail Transfer Protocol (SMTP), there is no requirement for authorized messages, which means that spammers can forge your domain in their phishing attacks.

Cybersecurity is becoming a growing priority for organizations, as daily news headlines feature large-scale data breaches due to unauthorized access and ransomware attacks dismantling systems across the globe. The last thing an organization wants is to become the next headline because its poor cybersecurity posture left it vulnerable to hackers. Cybersecurity audits meticulously analyze and report on an organization’s security program, helping them identify weak points that need addressing.

Today’s rapidly evolving digital world requires organizations to build a robust cybersecurity plan to safeguard internal infrastructures and oversee third-party vendors' cyber health. The Essential 8 is a cybersecurity framework developed by the Australian Signals Directorate designed to help organizations protect themselves against different cyber risks.

In the past, passwords alone were considered an effective security measure for protecting user accounts and deterring cybercriminals. Motivated by the increased threat of data breaches and other cyber attacks, the cybersecurity industry has since evolved from relying on passwords to favoring more robust authentication methods, such as multi-factor or two-factor authentication (2FA).