A high-severity security flaw in Progress Software's MOVEit Transfer platform is being exploited in the wild just hours after its disclosure. This vulnerability, identified as CVE-2024-5806, allows attackers to bypass authentication mechanisms and pose as any valid user, thereby gaining access to sensitive files.

It's a great honor for KnowBe4 to be named the Cyber Security Educator of the Year at the prestigious IT Europa Channel Awards 2024. This award recognizes our continued commitment and innovative approach to building a strong security culture and empowering organizations to manage the ongoing problem of social engineering. This achievement is a testament to the hard work and passion of our team in building the world's most comprehensive security awareness training and simulated phishing platform.

In today's interconnected business landscape, Third-Party Risk Management (TPRM), sometimes called vendor risk management (VRM), is a critical cybersecurity strategy for organizations aiming to safeguard their operations and reputation. With most companies increasing their reliance on external vendors and service providers, managing and mitigating risks associated with these third-party relationships is paramount.

In a concerning development, TeamViewer, one of the world's leading remote access software providers, has disclosed a cyber attack that breached its corporate network environment. The incident was first detected on June 26, 2024, when TeamViewer's security team identified irregularities in their internal IT infrastructure. Responding swiftly, TeamViewer activated its incident response procedures and engaged renowned cybersecurity experts to investigate and mitigate the breach.

Cyberespionage groups are increasingly using ransomware not just for financial gain but also as a tactic to complicate attack attribution, distract defenders, or serve as a secondary objective to data theft. A recent report highlights the activities of ChamelGang, a suspected Chinese advanced persistent threat (APT) group, which uses the CatB ransomware strain to target high-profile organizations globally.

In the past, we’ve written a lot about FedRAMP certification and the way the Ignyte platform can help you with record-keeping and the overall process. We’ve largely glossed over the role that the third-party assessment organization plays, hand-waving it as a relationship you build between your chosen 3PAO and your own organization. As a certified 3PAO, however, we do have a unique insight into this process.

Expanded support for multi business units, locations, and products. With multiple segments support across TrustCloud, you can develop and visualize your GRC requirements across business units, locations, and products. You can segment responsibilities and determine hierarchical impact through transparent parent-child relationships.

Ever hit send on an email and immediately felt that sinking feeling? Maybe it was an attachment containing sensitive data that was misplaced, or that clever phishing email that convinced a colleague to cough up login credentials. These are cases that clearly explain the critical need for Email Data Loss Prevention (DLP).

Earlier this year, a Chinese company named Funnull acquired the polyfillio. Due to this acquisition, this code was used to redirect mobile visitors to scam sites. Over 100,000 websites using the previously popular Polyfill JS open-source project are vulnerable to attacks that redirect traffic to sports betting and pornography sites.

If your device suddenly behaves like a re-animated zombie, it might be under a botnet attack. Botnet attacks, also known as zombie armies, involve hijacking internet-connected devices infected with malware, controlled remotely by a single hacker. These attacks can reach immense scales, as demonstrated by an incident where 1.5 million connected cameras were exploited to overwhelm and take down a journalist’s website.