Since 2015, the Securities and Exchange Board of India (SEBI) has introduced several cybersecurity and cyber resilience frameworks to address evolving cybersecurity risks and strengthen the resilience of regulated entities (REs). Additionally, SEBI has issued multiple advisories on best practices to guide REs in enhancing their cybersecurity posture.
Once upon a time, workers sat in offices, only used corporate desktops and crossed a single authentication checkpoint to access company resources kept snugly behind a protective barrier. The world has changed dramatically since then. Cloud and hybrid environments are vast and complex. Work happens anywhere and everywhere. Company employees, contractors, partners and other users interact daily with multiple endpoints—personal and company-owned—alongside SaaS applications and sensitive data.
What if there were a way to negate the effectiveness of multi-factor authentication (or even bypass secure login protocols) without ever cracking a password? Session hijacking offers attackers a tempting shortcut to user accounts, bypassing the usual security barriers. In 2022 alone, researchers scouring the shadier corners of the internet (like the dark web) found 22 billion device and session cookie records – each of which could help to enable session hijacking.
The NuPoint Unified Messaging (NPM) module in Mitel MiCollab versions up to 9.8 SP1 FP2 (9.8.1.201) is vulnerable to a path traversal attack caused by insufficient input validation. This vulnerability could be exploited by an unauthenticated attacker to gain unauthorized access to sensitive files, potentially allowing them to read, alter, or delete user data and critical system settings. The Mitel MiCollab Arbitrary File Read Vulnerability combines CVE-2024-41713 with another yet-to-be-assigned issue.
Whether managing a distributed workforce, balancing a range of devices and systems, or navigating the complexities of hybrid work, challenges are everywhere: fragmented workflows, operational inefficiencies, and concerns about insider risks. Solving these issues can feel like an uphill battle without clear visibility into digital workforce behavior.
In a world where security incidents and cyber threats are escalating, achieving and maintaining compliance with ISO 27001, the international standard for information security management, is more crucial than ever.
Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Say that again, $7K per month!? OK…
For organizations handling sensitive data, finding a secure and efficient way to test data protection solutions is crucial. The Protegrity API Playground offers a straightforward way to test Protegrity’s data protection features. The Playground grants you 10,000 API requests after registration to use as you see fit: protecting names, addresses, credit card numbers – or any other data your organization considers secure.