In our global study of the CISA KEV Catalog, we uncovered widespread vulnerabilities and the swift pace at which threats evolve. As we dissect the layers of data from the report, it becomes evident that each country's unique approach to cybersecurity regulation, vulnerability management, and remediation presents distinct challenges and opportunities.

Penetration testing is a cornerstone of any mature security program and is a mature and well understood practice supported by robust methodologies, tools, and frameworks. The tactical goals of these engagements typically revolve around identification and exploitation of vulnerabilities in technology, processes, and people to gain initial, elevated, and administrative access to the target environment.

In Part 1 of this series, we looked at how AWS WAF helps you monitor network traffic to AWS resources, as well as key metrics and logs for detecting WAF misconfigurations and malicious activity. In this post, we’ll walk through using AWS’s native tooling to query that data.

PowerShell is a powerful tool that is used for automating monotonous and time-consuming tasks. However, using these without code signing can leave you vulnerable to cyber-attacks. This blog will explain the PowerShell code signing best practices for signing your script. Let’s begin!

In our latest report, Snyk surveyed security and software development technologists, from top management to application developers, on how their companies had prepared for and adopted generative AI coding tools. While organizations felt ready and believed AI coding tools and AI-generated code were safe, they failed to undertake some basic steps for secure adoption. And within the ranks, those close to the code have greater doubts about AI safety than those higher up in management.

During some standard research as part of the Outpost24 Vulnerability Research Department, I discovered 5 vulnerabilities in Zyxel NAS devices: The vulnerabilities were disclosed to Zyxel on 2024-03-14 as part of our responsible disclosure policy, and have been resolved at the time of publishing this post (2024.06.04).

Trustwave has launched six new Microsoft-focused offerings that will bring clients greater security, resilience, and a higher return on their investment by helping optimize their Microsoft 365 enterprise plan to take full advantage of all of its security features.

The prevalence of cyber crime continues to soar, victimizing individuals in both their work and private lives. Cybercriminals are indiscriminate, targeting around the clock and across the globe. With digital security advancing, these criminals shift their focus to exploiting human weakness amidst increasingly secure technological environments.

In a significant cybersecurity incident, Cencora, a leading pharmaceutical services provider, experienced a data breach in February 2024, exposing sensitive patient information from 11 major pharmaceutical companies. This breach underscores the critical importance of robust enterprise risk management, vulnerability management, and endpoint security in protecting sensitive data and managing online reputation.