NIST SP 800-53 is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines and best practices for securing federal information systems and protecting the privacy of individuals whose information these systems handle.

In December, I’ll have been with CyberArk for seven years, and at a similar point, I’ll have spent two years leading product marketing for cloud security at the company. In my short tenure with CyberArk Product Marketing, I’ve advocated for zero standing privileges (ZSP) as a default mechanism for implementing privilege controls. It’s easier, more effective and doesn’t change how people work.

The recent Federal Communications Commission (FCC) settlement with TracFone Wireless, Inc. (TracFone) for $16 million highlights a critical vulnerability within the mobile telecommunications industry: API security. The investigation revealed unauthorized access to customer data through weaknesses in TracFone's mobile carrier APIs. This incident reminds mobile carriers to prioritize robust API security measures to safeguard customer data and ensure network integrity.

Runtime anomaly detection is fast becoming a critical component for protecting containerized environments. Recent advancements in this field are addressing long-standing challenges and introducing innovative approaches to enhance security posture.

Organizations often face different forms of cyberthreats and cyberattacks, and attackers try to get their hands on confidential data which would result in major loss of reputation, customer’s information, etc. So, organizations should implement networking tools to secure their data.

The GSM Association, which stands for the Global System for Mobile Communications Association and is known more commonly as the GSMA, developed the Security Accreditation Scheme (SAS), a security standard and audit-based certification program that addresses various aspects of eSIM production and management. ManageEngine Firewall Analyzer now supports GSMA compliance for mobile operators and companies within the mobile ecosystem.

A critical problem for security and legal professionals who manage supply chain risk is that cybersecurity risks are dynamic and always shifting. You have done your due diligence and selected a vendor with strong cybersecurity controls – but how can you guarantee that your vendor maintains this type of security hygiene and doesn’t become a target and a “weak link” in your supply chain?

A newly drafted United Nations treaty aimed at combating global cybercrime has sparked significant debate due to its potential implications for technology companies, privacy rights, and digital freedoms. The UN Convention Against Cybercrime, which advanced from committee to the General Assembly on August 8, 2024, could require nations to enforce stringent laws against unauthorized access to information systems and data interception, raising alarms among privacy advocates and cybersecurity experts.

A new zero-day vulnerability, CVE-2024-38856, has been discovered in the Apache OFBiz open-source enterprise resource planning (ERP) platform, presenting a critical threat to businesses worldwide. This pre-authentication remote code execution (RCE) flaw allows unauthenticated attackers to exploit weaknesses in OFBiz’s request handling, leading to unauthorized access and potentially damaging control over affected systems.