Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. The fall out from MOVEIt continues to roll on….

Having a well-defined approach to managing a wide range of cyber risks is crucial for organisations cyber resilience, regardless of their size. The objective of any cyber resilience strategy is to effectively prepare for, respond to, and swiftly recover from cyber risks, enabling businesses to maintain their operations with minimal disruption to workflow and processes.

A basic Google search for the term “cybersecurity” will turn up dozens of competing advertisements for companies promising to solve all your security woes and keep attackers at bay with their version of a “technology silver bullet” – the end all be all that you must, according to them, purchase right now. It’s not that technology isn’t essential to your security strategy; it’s vital!

Resolving vulnerabilities quickly depends on several factors, not least how effectively security and product development teams collaborate. Modern security teams rely on several tools to discover, analyze, and triage vulnerability findings on to product development teams for remediation. This process sounds straightforward, but it rarely is. Detectify users manage the security of large scale products and services owned by dozens – if not hundreds – of product development teams.

Secrets management is an art, and mastering it requires a deep understanding of security protocols, meticulous attention to detail, and a proactive approach to staying ahead of threats. In this blog, we present you with eight essential concepts to enhance your credential management strategy.

As a kid, keeping a secret meant not telling anyone else information that a friend chose to share with you and trusted you to protect. In the digital era, protecting customer and employee sensitive data works similarly. Although establishing privacy controls and maintaining data protection are more difficult when managing complex IT environments, the principles underlying your data protection initiatives remain the same.

To develop practical solutions, it is crucial first to identify the primary threats that arise from the widespread use of ChatGPT. This article aims to analyze these emerging risks, discuss the necessary training and tools for cybersecurity professionals to respond effectively, and emphasize the importance of government oversight to prevent AI usage from undermining cybersecurity efforts. The emergence of ChatGPT brings both awe-inspiring possibilities and significant concerns regarding cybersecurity.

The zero-day vulnerability in Progress Software's MOVEit Transfer product is being exploited by the Clop ransomware gang and other copycat cybercriminal groups to expedite the theft of sensitive data from customer databases. To protect your organization from compromise, follow the recommended response actions in this blog. Learn how UpGuard streamlines Vendor Risk Management >

The Health Insurance Portability and Accountability Act, best known as HIPAA, is one of the most well-known healthcare privacy laws in the United States. The primary objective of HIPAA is to safeguard patients' Personal Health Information (PHI). HIPAA's Security and Privacy rules establish guidelines for protecting Electronically Protected Health Information (EPHI), and Trustwave DbProtect is a powerful tool to help achieve this goal.

Most data crimes are the result of online compromises. This makes sense, as the criminals don’t need to know any of the old, dirty, hands-on techniques such as lock-picking, dumpster diving, or any other evasive maneuvers to carry out a successful attack. However, this doesn’t mean that the old methods are completely defunct. Physical security is still an important facet of a complete security program.