Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The new advanced detection analytics package to detect lateral movement Lateral movement is a dangerous threat in the landscape of highly integrated technologies. If attackers gain access to an endpoint, it’s critical for security teams to identify any and all movements they make. To combat this threat, Elastic Security is excited to announce a new lateral movement detection package that makes use of advanced analytics.

The most significant change in the lifespan of identity security thus far is zero standing privileges (ZSP). Considered to be the next evolution of just-in-time (JIT) access, although it may seem needlessly complex at first, once you wrap your head around the concept, it feels as natural as turning off lights when you leave a room. But first, a bit about me and the journey to ZSP.

More mobile devices, more problems. The business landscape has shifted dramatically, as more endpoints connect to corporate networks from a wider variety of locations and are transmitting massive amounts of data. Economic forces and a lengthy pandemic have caused a decentralization of the workforce and increased adoption of a hybrid workplace model. Today, employees are more mobile than ever.

Texas State agencies, educational organizations and municipalities face relentless cyberthreats from malicious actors. These attacks jeopardize sensitive information and disrupt essential services. TX-RAMP serves as a program that aids agencies in enhancing their overall cybersecurity posture. Selecting a TX-RAMP Certified solution for password and privileged access management will help organizations of all sizes defend against cyberthreats.

Supply chain security issues are not exactly new. High-profile attacks, like SolarWinds in 2020, were a big wake-up call for many people because they brought home just how far-reaching and destructive these attacks could be. The threat from supply chain partners remains one of the most significant risks to security beaches. The SANS 2023 Attack and Threat Report found that 40% of breaches in 2022 occurred through supply chain partners.

1st Source Bank is a major financial institution located in Indiana and Michigan. The bank is headquartered in South Bend, Indiana, but there are 81 branches in the two states. Between these branches, there is a large number of employees and hundreds of thousands of customers. Many of those customers lost their personal data thanks to a recent breach.

Near the end of July, the MOVEit data breaches that occurred back in May are still doing serious damage and hurting major companies. Three of the five breaches reported this week were due to MOVEit-related attacks, including Milliman Solutions, the National Student Clearinghouse, and 1st Source Bank. The other two companies that suffered from major data breaches this week are Microsoft and the Tramp General Hospital.

Global regulations regarding software validation (e.g., 21 CFR Part 11, Annex 11, etc.) have been in place for many years. With an increasing number of software-as-a-service vendors offering GxP-compliant solutions, it is more important than ever that CSV and QA teams of all sizes make use of sensible approaches to software validation to better manage their overhead while maintaining compliance with regulatory requirements.

GRC programs are often viewed as cost centers. But, they can in fact be profit drivers by contributing to sales acceleration, cost and time savings, and risk reduction. The real question is, how can you prove that to the board? TrustCloud teamed up with ISSA to discuss.

Email scams known as "CEO Fraud" are very common right now. They are a type of "Business Email Compromise" (BEC). There have been numerous recent cases reported in the media, and we too, are seeing many reports by our customers. One customer described these attacks as 'rampant'. The US FBI recently put the estimate of losses in 2015 associated with BEC frauds in the hundreds of millions of dollars.