Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If you ask a security team if they run pentests on their web applications or APIs, the answer is always a strong “Yes”. But if you ask if they pentested their Umbraco setup, you will get a more hesitant, “I thought Umbraco is secure by default”. Umbraco is a powerful CMS, but assuming it is secure by default is a mistake.

In today’s interconnected business environment, organizations increasingly rely on third-party vendors to enhance operational efficiency and drive innovation. For instance, consider a mid-sized retail company that partnered with a logistics provider to streamline its supply chain, resulting in a 20% reduction in delivery times. However, this dependence introduces significant risks, including data breaches, regulatory non-compliance, and operational disruptions.

Although wireless networks are convenient, allowing teams to stay connected - whether they’re in the office, moving between spaces, or working from home - they are inherently more exposed than wired connections as they broadcast your network to the physical world. But this convenience often leads to overlooked security gaps, especially if your Wi-Fi is not regularly reviewed or was set up using default settings. A few common issues can arise because of this, including.

In today’s rapidly evolving threat landscape, cybersecurity compliance isn’t just about avoiding penalties—it’s about protecting your business and building customer trust. Whether your organization must follow frameworks like NIST, HIPAA, PCI-DSS, or GDPR, ensuring full cybersecurity compliance can give you a powerful competitive edge. At Cybriant, we make that process simple, streamlined, and effective.

GxP compliance supports the medical and pharmaceutical industries. “Good” x “Practices” covers several scenarios, where x represents manufacturing, distribution, laboratory, clinical, or document scenarios. There’s also cGxP, where c represents “current”, which is about as good as saying “new”. How long is “new”, and when does “new” become “legacy”?

Navigating an audit can be complex and time-consuming, but the right preparation and approach can make the process much smoother. Whether you're working toward SOC 2, ISO 27001, or another framework, knowing when to engage auditors, how to provide access, and what to focus on during the audit will set you up for success. ‍ In this guide, we’ll walk through best practices for working with auditors—from initial engagement to ongoing audit management and post-audit steps. ‍

A strong email security posture is as much about culture as it is about technology. In the 2022-23 financial year, 78% of Australian businesses offered annual cybersecurity training to their entire workforce; however, only 39% of these businesses provided specialized training for privileged users who are authorized to perform security-relevant functions that ordinary users are not.

If you’re part of the defense industrial base and you’re seeking CMMC certification, there’s a very good chance you’re aiming for Level 2. Level 1 is mostly meant for businesses with a focus on federal contract information but not CUI, while Level 3 is meant for businesses handling the most sensitive kinds of CUI; since most businesses fall somewhere in the middle, Level 2 is the most common.

In the final entry of this blog series, we will discuss the challenges of managing assets and risks across multiple data systems. Then, we will discuss how Asset and Risk Intelligence integrates with multiple platforms to provide centralized visibility. From there, we will summarize the content of this blog post and go into a step by step guided demo. If you haven’t already, be sure to check out the first, second, and third entries in this series for more deep dives into Splunk ARI and its features.

Over the past few days, we have been in direct contact with a hacker who goes by the alias Rose87168. He claims to have breached Oracle Cloud systems, specifically targeting Oracle WebLogic and Oracle Access Manager (OAM). The hacker has provided us with multiple files and data samples, including a tree file and a 10,000-line dataset, which allegedly contain sensitive configuration files, user authentication data, and directory structures from Oracle's infrastructure.