If you’re a pentester, or a consumer of application security pentest reports, you’ll probably have come across Cross-Origin Resource Sharing (CORS) and its commonly associated misconfigurations. In either case, you’ll likely have quickly dismissed the finding because it resulted in yet another “recommendation” (a vulnerability without any impact).

The U.S. Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 has passed through the Office of Information and Regulatory Affairs and is now on its way to Congress, set to become law by Q4 2024. With the CMMC becoming official law, its full implementation in defense contracts will occur through a phased approach over three years starting in 2025.

Have you ever stopped to consider all of the components that comprise a working automobile? Even a cursory examination reveals more parts than might be considered when we turn the ignition key. However, many of these components are useless when detached from the full product. A steering wheel without a car is not exactly an efficient mode of transportation.

We are thrilled to introduce two exciting new features to SecurePortal: Live Vulnerabilities and Chat. With Live Vulnerabilities, you can now access real-time vulnerability information as consultants identify them, significantly reducing the risk window. This enhancement enables your IT teams to begin triaging vulnerabilities within minutes, rather than waiting for the full assessment to be published. You can mark vulnerabilities as resolved as soon as they are fixed, even during an ongoing engagement.

The rise of hybrid and remote work has created unprecedented opportunities for forward-thinking organizations and their employees. At the same time, it has also created unprecedented opportunities for threat actors. The ability to access sensitive files from almost any machine, while convenient, can be a profound security risk. That’s why it’s worth considering a few real-world ZTNA use cases.

Elastic Security Labs discovers that threat actors are taking advantage of readily available abused security tools and misconfigured environments. Elastic Security Labs has released the 2024 Elastic Global Threat Report, surfacing the most pressing threats, trends, and recommendations to help keep organizations safe for the upcoming year. Threat actors are finding success from the use of offensive security tools (OSTs), a misconfiguration of cloud environments, and a growing emphasis on Credential Access.

MSSPs have huge potential for growth as more and more companies turn to experts to outsource their cybersecurity. Tailwinds such as escalating cyber threats, the need to protect more customer data than ever before, and growing compliance requirements are driving the managed security services market’s growth at a compound annual growth rate of 15.4% from 2023 to 2030.

There’s no way around it: vulnerability management is complex. As organizations become more reliant on software and applications, the sheer volume of known vulnerabilities has become more difficult to track, prioritize, and remediate. Adversaries have also become increasingly reliant on exploiting vulnerabilities in order to compromise organizations.

The rise of cloud-based software applications has changed the way many companies operate. Leveraging SaaS platforms allows organizations to streamline their workflows and better accommodate remote and hybrid workforces. However, spreading your data throughout the cloud can leave it vulnerable — unless you have strong SaaS security practices in place.

We are thrilled to announce that we have completed the acquisition of Venafi, a recognized leader in machine identity management. This strategic move aligns with our commitment to not just protecting human identities but expanding our capabilities for securing the rapidly growing world of machine identities.