Latest News

Guide to Creating a Robust Website Security Incident Response Plan

Earlier this year, the SEC proposed a new set of rules on cybersecurity governance, which would require public companies to make appropriate disclosures of cyber risks and management procedures. Although the amendments target the financial sector, they are further evidence that cybersecurity is no longer a back-burner component of business operations. It is a critical factor that can determine the destiny of all kinds of organizations, large or small.

SLP Denial of Service Amplification - Attacks are ongoing and rising

The Service Location Protocol (SLP), as defined in the RFCs, is vulnerable to abuse that allows attackers to use it as a powerful reflective denial-of-service amplification vector. Earlier this year, Bitsight and Curesec published joint research on this flaw, tracked as CVE-2023-29552, which details the issue as well as its global impact and exposure.

How we detect and notify users about leaked Datadog credentials

Applications frequently need to provide authentication credentials to gain access to cloud services and other resources. However, these credentials present a security risk because they are notoriously difficult to keep out of code. According to a GitGuardian report, 10 million credentials were publicly committed to GitHub in 2022. Leaked credentials such as these are a major cause of data breaches and account takeovers.

The Fundamentals of Intrusion

No matter the size of your business, there are assets and data you have on your premises that you need to keep secure from people outside of your organisation. Whether it’s hard copies of personnel data, server rooms, or safety-critical infrastructure, that information, or how to gain access to it, will likely have some value to bad actors willing to use or exploit it.

Streamlined Reporting and Improved Data Exporting on SecurePortal

At Pentest People, we're committed to providing a seamless, efficient, and effective platform for managing your penetration test results. We continually strive to improve upon our offerings, and in this vein, we're excited to announce some significant changes to how reports on SecurePortal are presented and how data can be exported.

What is a Software Bill of Materials (SBOM)?

A software bill of materials (SBOM) is a detailed, comprehensive list of all the components within a software application, including the use of open-source software, component dependencies, licenses, and known vulnerabilities. SBOMs provide an inventory of each individual component that comprises the application, much like a list of ingredients in a recipe.

How Diffie-Hellman Key Exchange Provides Encrypted Communications

An effective cybersecurity policy incorporates modern cryptography for secure data transmission. Encrypting data protects sensitive information during communication exchange so that only those authorized to decrypt that data can access it. Without encryption, all data transmitted over the public internet is at risk of interception and nefarious reuse. Encryption helps prevent data theft through a variety of tools, including cryptographic ciphers like the Diffie-Hellman key exchange.

What Is an Email Account Takeover Attack?

An email account takeover is a type of account takeover attack in which a cybercriminal gains unauthorized access to a user’s email account. Cybercriminals can gain access by stealing your email’s login credentials or finding them on the dark web. When a cybercriminal has gained access to your email account, they can lock you out of your account, monitor your activity, access your sensitive information, take over other accounts and impersonate you.

2023 Keeper Retrospective: A Year of Growth, Innovation and Appreciation

As we conclude a record-breaking year of growth at Keeper Security, I believe it’s important to take time to reflect on our achievements and appreciate the people who helped make 2023 a special year. Keeper experienced a transformative period of growth, innovation and strategic expansion that helped solidify our position as a leading force in cybersecurity.