Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Stronger together. Never has an RSA conference theme been more aligned to CrowdStrike’s mission and vision for the future. If you look at our presence at RSAC 2023, CrowdStrike sits at the center of the security ecosystem. Everything we’re doing — from our partner breakfast to partner talks in our booth to our company announcements — highlights our commitment to bringing together the world’s best technology and data to deliver the best security outcomes.

Answering a GRC (Governance, Risk, and Compliance) vendor assessment is an important step for companies that want to demonstrate their commitment to compliance and risk management to potential customers. In this piece, we’ll cover how you can best respond to a prospect’s vendor assessment so you both can seal the deal. By following these best practices, you’ll be able to provide a comprehensive and accurate response to the assessment and establish a positive working relationship.

Advancements in AI have led to the creation of generative AI systems like ChatGPT, which can generate human-like responses to text-based inputs. However, these inputs are at the discretion of the user and they aren’t automatically filtered for sensitive data. This means that these systems can also be used to generate content from sensitive data, such as medical records, financial information, or personal details.

Ransomware has become a significant threat in today’s digital landscape, with cybercriminals using it as an effective means of making money, often with a low cost and high profit margin. Victims rarely recover their stolen data in full, despite promises from the perpetrators, so most of the time paying the ransom is not a viable solution.

Yesterday I wrote about some common Request for Proposal (RFP) pitfalls we have seen over the years at Trustwave. (part 1) Trustwave offers a wide range of services — from Managed Detection & Response (MDR), Managed SIEM services from Splunk, Qradar, and Microsoft Sentinel security testing, to complex red team engagements, so we‘ve seen numerous of styles and approaches in the format and presentation of the requests.

Implementing adequate software supply chain security is a challenging feat in 2023. Attackers are becoming more sophisticated, and the growing complexity of modern applications makes them difficult to defend. We’re talking microservices, multi-cloud environments, and complex workflows — all moving at the speed of business. To address these challenges, the Snyk team organized two roundtable discussions, one held in North America and the other in EMEA.

Unlimited Care Inc. is a home health company that offers help to patients in Westchester, New York, and surrounding locations. The company employs more than 2,500 people and has an annual revenue of more than $250 million. The organization recently suffered from a data attack that could have compromised a large number of company employees.

On April 19, 2023, PaperCut confirmed print management servers vulnerable to a critical remote code execution vulnerability (CVE-2023-27350: CVSS 9.8) are being actively exploited by threat actors. CVE-2023-27350 could allow unauthenticated threat actors to bypass authentication and execute arbitrary code in the context of SYSTEM on a PaperCut Application Server. Zero Day Initiative responsibly disclosed the vulnerability to PaperCut on January 10, 2023; PaperCut released a patch on March 8, 2023.

For media agencies and publishers, working with large files such as audio, images, and video is the norm. Individual files can reach several hundred gigabytes in size, each of which are components that will be imported into editing and design applications like Premiere Pro and InDesign to create final campaign assets.