‍ For chief information security officers (CISOs), understanding how their organization's unique cyber risk landscape has evolved is paramount. Chronological analysis not only enables risk trends to emerge with more clarity but also provides the essential context required for more informed decision-making.

We recently rolled out new capabilities.

Today, we’re launching multiple customization improvements to Vanta’s automated test capabilities, previously announced at VantaCon in December. With Custom Tests, you now have the ability to adjust Vanta’s pre-built tests as well as create new tests from scratch with new logic. ‍ Custom Tests empower you to gather evidence across your systems and use Vanta’s automation to continuously monitor and alert you when items fall out of compliance.

This article was originally published at TheHackerNews Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum? Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to $1,000 each, compared to a mere $5 for a credit card number and $1 for a social security number.

Modern technology environments have become increasingly complex. This, as you might imagine, has had a wide-ranging impact on our organizations, IT teams, and priorities, especially when it comes to security.

The education industry isn’t just in the business of teaching students, it’s also responsible for a lot of data, primarily personally identifiable information (PII), making these organizations a major target for threat actors. In March of 2023, Minneapolis Public Schools saw ransomware group Medusa publish current and former students “former student records, parent contacts, home addresses and IDs with pictures.” Unfortunately, this instance isn’t an outlier.

On February 8, 2024, Ivanti publicly disclosed a high-severity authentication bypass vulnerability (CVE-2024-22024) impacting Ivanti Connect Secure, Policy Secure, and ZTA products. CVE-2024-22024 is an XML external entity (XXE) flaw in the SAML component and could allow threat actors to bypass authentication and access certain restricted resources if successfully exploited.

On February 8, 2024, Fortinet’s FortiGuard disclosed two critical vulnerabilities affecting FortiOS. CVE-2024-23113, a format string vulnerability, and CVE-2024-21762, an out-of-bounds write vulnerability, could allow unauthenticated threat actors to execute arbitrary code or commands. FortiGuard has stated they are aware of potential exploitation of CVE-2024-21762.

The Sysdig 2024 Cloud‑Native Security and Usage Report highlights the evolving threat landscape, but more importantly, as the adoption of cloud-native technologies such as container and Kubernetes continue to increase, not all organizations are following best practices. This is ultimately handing attackers an advantage when it comes to exploiting containers for resource utilization in operations such as Kubernetes.

Data is the most valuable asset for any organization, regardless of size or sector. Loss or corruption of financial reports, business plans and intellectual property can bring even a global enterprise to a standstill. Moreover, a wide range of compliance regulations mandate the organization protect information in accordance with data security best practices.