What's new in UpGuard // Cyber Vendor Risk Management Product Releases
Check out the latest product releases from UpGuard!
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
How the USPTO Uses Zero Trust to Protect the Nation's Most Valuable Data
The United States Patent and Trademark Office (USPTO) is the repository for a wealth of knowledge dating back to the nation's founding. The information behind many of the world's greatest inventions ranging from the light bulb, iPhone, Maglev trains to the zipper are housed and protected by the USPTO. A task that is now considerably more difficult as the primary storage medium moves from paper to on-premises and into the cloud.
CLM and Turkish KVKK Personal Data Protection Law
Data’s role in business processes continues to evolve. Today, organizations collect, store, process, and transmit more personal data than ever before, and legislative bodies respond by updating privacy laws. In 2016, Turkey passed the first iteration of its Personal Data Protection Law number 6698 (PDPL), which also established the Kişisel Verileri Koruma Kurumu (KVKK), the country’s data protection authority.
What is Digital Forensics Incident Response? | Security Expert Reacts to DFIR
Digital Forensics and Incident Response? (DFIR) is the cybersecurity field that defines the process and the best practices to follow in order to deal with a cyber attack or a security breach. Join Miguel, a security expert watching a video about a cyber detective investigating a kubernetes breach, and find out what the culprit was!
The Evolution of the Internet: From a Fad to a Global Phenomenon
Do you remember a time before the internet? It's hard to imagine our lives without it now, but there was a time when people believed it was just a passing fad. In this video, we take a look back at the evolution of the internet and how it went from being a niche technology to a global phenomenon that has changed the way we live, work, and communicate. We explore the early days of the internet when people thought it was just a passing trend, and how it evolved into the complex and ever-evolving system we know today.
Detect the Most Common Ransomware TTPs to Prevent Attacks
In our new threat briefing, Forescout’s Vedere Labs details tactics, techniques and procedures (TTPs) commonly adopted by ransomware groups and provides specific mitigation recommendations. In addition to basic cyber hygiene practices, we recommend using Forescout XDR for extended detection and response. Its 1,500+ detection rules cover hundreds of the TTPs most commonly used by ransomware.
Expression DoS Vulnerability Found in Spring - CVE-2023-20861
As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial of Service vulnerability in the Spring Framework (CVE-2023-20861). Spring is one of the most widely used frameworks for developing web applications in Java. As a result, vulnerabilities have an amplified impact on all applications that rely on the vulnerable version.
Emotet Comeback: New Campaign Using Binary Padding to Evade Detection
Emotet is undoubtedly a very resilient botnet. Even though its operation was disrupted by Europol in January 2021, Emotet came back a few months later and continues to spread. In May 2022, shortly after Microsoft released new controls related to malicious macros, Netskope Threat Labs analyzed an Emotet campaign where they were testing a new delivery method, by using LNK files.
How to Handle AWS Secrets
In this blog post, we'll cover some best practices for managing AWS secrets when using the AWS SDK in Python.
Coffee Talk with SURGe: Oakland Ransomware Attack, BreachForums, Acropalypse Vulnerability, GPT-4
Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan shared their takes on responding to 0day vulnerabilities and the trio also discussed GPT-4 and the future of generative AI.