Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For starters, it’s no surprise that the findings revealed that organizations’ most prominent threats during 2023 are vulnerabilities not covered by common disclosure processes, like CVEs. Detectify CEO Rickard Carlsson has been talking about this for some time – his article on the trouble with CVEs and vulnerability management in modern tech stacks demonstrates the risks associated with an overly reliant approach to established methods.

Earlier this year, the SEC proposed a new set of rules on cybersecurity governance, which would require public companies to make appropriate disclosures of cyber risks and management procedures. Although the amendments target the financial sector, it is one more evidence of the fact that cybersecurity is no longer a backburner component of business operations. It is a critical factor that can determine the destiny of all kinds of organizations, large or small.

The Service Location Protocol (SLP), as defined in the RFCs, is vulnerable to abuse allowing attackers to use it as a powerful reflective denial-of-service amplification vector. Earlier this year, Bitsight and Curesec published a joint research regarding this flaw tracked as CVE-2023-29552, which details the issue as well as its global impact and exposure.

Applications frequently need to provide authentication credentials to gain access to cloud services and other resources. However, these credentials present a security risk because they are notoriously difficult to keep out of code. According to a GitGuardian report, 10 million credentials were publicly committed to GitHub in 2022. Leaked credentials such as these are a major cause of data breaches and account takeovers.

IT pros need local admin rights on corporate devices to install software, modify configuration settings, perform troubleshooting and so on. But all too often, business users are also routinely granted local admin rights on their computers.

A software bill of materials (SBOM) is a detailed, comprehensive list of all the components within a software application, including the use of open-source software, component dependencies, licenses, and known vulnerabilities. SBOMs provide an inventory of each individual component that comprises the application, much like a list of ingredients in a recipe.

An effective cybersecurity policy incorporates modern cryptography for secure data transmission. Encrypting data protects sensitive information during communication exchange so that only those authorized to decrypt that data can access it. Without encryption, all data transmitted over the public internet is at risk of interception and nefarious reuse. Encryption helps prevent stolen data through a variety of tools, including cryptographic ciphers like the Diffie-Hellman key exchange.

An email account takeover is a type of account takeover attack in which a cybercriminal gains unauthorized access to a user’s email account. Cybercriminals can gain access by stealing your email’s login credentials or finding them on the dark web. When a cybercriminal has gained access to your email account, they can lock you out of your account, monitor your activity, access your sensitive information, take over other accounts and impersonate you.

As we conclude a record-breaking year of growth at Keeper Security, I believe it’s important to take time to reflect on our achievements and appreciate the people who helped make 2023 a special year. Keeper experienced a transformative period of growth, innovation and strategic expansion that helped solidify our position as a leading force in cybersecurity.

We’re excited to share that for the fifth quarter in a row, Vanta has been named the #1 Leader in G2’s Grid® Report for Security Compliance | Winter 2024. ‍ Recently crossing 800 reviews on G2, Vanta also continues to be recognized as a leader in Cloud Compliance, Cloud Security, Vendor Security and Privacy Assessment, and Vendor Management, achieving top placement in 18 categories.