%term

Understanding CVE-2024-47176: Mitigating CUPS Vulnerabilities

Oct 29, 2024 By UpGuard Team In UpGuard

The Common UNIX Printing System (CUPS) is a widely used printing system on Unix-like operating systems, but recent vulnerabilities have exposed significant risks. The most critical is CVE-2024-47176, which affects the cups-browsed service by binding to the IP address INADDR_ANY:631. This configuration flaw causes it to trust all incoming packets, leading to potential remote code execution when interacting with malicious printers. This vulnerability is part of a chain of exploits, including.

Read Post

UpGuard

Read more about Understanding CVE-2024-47176: Mitigating CUPS Vulnerabilities

Inside a North Korean Phishing Operation Targeting DevOps Employees

Oct 29, 2024 By SecurityScorecard In SecurityScorecard

Sophisticated threat actors are increasingly targeting organizations with tailored phishing campaigns. Recently, SecurityScorecard detected a similar attempt against our team—and stopped it in its tracks. We’re sharing our findings to support the InfoSec community and strengthen collective defenses against continually evolving threats.

Read Post

SecurityScorecard

Read more about Inside a North Korean Phishing Operation Targeting DevOps Employees

Cost of Ignoring Data Replication: Risks for Modern Businesses

Oct 28, 2024 By SecuritySenses In SecuritySenses

Data replication allows businesses to operate efficiently. The process involves copying data files across multiple systems or locations. At its core, replication prevents downtime and ensures data is synchronized in case of accidental deletion. However, this move could expose your business to risks like data inconsistencies, data loss, limited scalability, and compliance issues. This article will discuss the cost of ignoring data replication for modern businesses.

Read Post

SecuritySenses

Read more about Cost of Ignoring Data Replication: Risks for Modern Businesses

Unlocking the Potential of GRC Tools: A Path to Strategic Risk Management

Oct 25, 2024 By Razorthorn In Razorthorn

By James Rees, MD, Razorthorn Security In today’s complex cybersecurity landscape, Governance, Risk and Compliance (GRC) tools have become essential for organisations managing intricate security ecosystems. These tools are designed to centralise information, streamline processes and offer crucial insights into an organisation’s risk posture. However, as cybersecurity expert Jack Jones revealed when he joined me on a recent podcast, the reality often falls short of these ambitious claims.

Read Post

Razorthorn

Read more about Unlocking the Potential of GRC Tools: A Path to Strategic Risk Management

Introducing the Risk Management Dashboard

Oct 25, 2024 By Keeper In Keeper

The Keeper Risk Management Dashboard is a powerful feature of the Keeper Admin Console that provides comprehensive security posture information covering end-user deployment, utilization, cloud configuration, and event monitoring. This critical data helps administrators ensure that risks are remediated and compliance is enforced effectively.

View Video

Keeper

Read more about Introducing the Risk Management Dashboard

What Security Teams Need to Know About the EU's NIS 2 Directive

Oct 24, 2024 By Graham Rance, VP Global Pre-Sales In CyCognito

The deadline to get compliant with the EU's NIS 2 Directive is here. And this isn't just a minor update from its NIS 1 predecessor-it's a major expansion that carries with it new challenges and obligations. The directive now covers a whopping 300,000 organizations, up from just 20,000 under NIS 1. Sectors like aerospace, public administration, digital services, postal and courier services, and food production are now included. Organizations are classified into "essential" or "important" entities based on size and criticality to the economy.

Read Post

CyCognito

Read more about What Security Teams Need to Know About the EU's NIS 2 Directive

How to Overcome the Security Questionnaire Burden

Oct 24, 2024 By Nicholas Sollitto In UpGuard

If you’re on the frontlines of your organization’s cybersecurity department, you’ve likely found yourself burdened by security questionnaires. Whether you’re in charge of evaluating vendor responses or completing questionnaires yourself, it’s no secret these requests can be time-consuming for everyone involved. Well, what if this didn’t have to be the case?

Read Post

UpGuard

Read more about How to Overcome the Security Questionnaire Burden

What is Third-Party Risk Monitoring in Cybersecurity?

Oct 24, 2024 By Edward Kost In UpGuard

Third-party monitoring is a critical aspect of Third-Party Risk Management as it keeps security teams informed of the organization's evolving third-party risk exposure. To learn the importance of third-party monitoring and why it should be emphasized in your TPRM program, read on.

Read Post

UpGuard

Read more about What is Third-Party Risk Monitoring in Cybersecurity?

New from Nucleus: Automating POA&M Management for Federal Compliance

Oct 24, 2024 By Scott Kuffer In Nucleus

Managing compliance in federal IT is a critical and complex task, especially when it comes to addressing findings from security assessments. One of the key tools to bridge the gap between requirements and the current state is the Plan of Action and Milestones (POA&M). Required by federal security frameworks like the Federal Information Security Modernization Act (FISMA) and NIST 800-53, POA&Ms are used to document security weaknesses, outline mitigation plans, and track their resolution.

Read Post

Nucleus

Read more about New from Nucleus: Automating POA&M Management for Federal Compliance

Nucleus Security Launches POAM Process Automation for Federal Agencies

Oct 23, 2024 By Nucleus In Nucleus

Nucleus Security Launches POAM Process Automation for Federal Agencies Integrated solution helps federal agencies and their suppliers reduce operational overhead, maintain compliance, and promote risk management efficacy.

Read Post