License to Secure Episode 2: Hit What You Aim For
In the second episode of our License to Secure series, master third-party security control insights from data connectors.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
WatchGuard Threat Lab Report Finds Endpoint Malware Volumes Decreasing Despite Campaigns Growing More Expansive
Key findings from the research also show a rise in double-extortion attacks, self-managed websites targeted for malware delivery, threat actors continuing to exploit older software vulnerabilities, and more.
Learning about Saudi Arabia's Personal Data Protection Law and the compliance solution
The Saudi Data and Artificial Intelligence Authority (SDAIA) has decided its’ about time to call for the Kingdom of Saudi Arabia’s first data protection law. The Personal Data Protection Law (PDPL), originally included a public consultation component when it was launched by SDAIA in late 2022. Since then, the public consultation was withdrawn, and the draft version of the data protection law augmenting PDPL was issued.
Overcoming Cybersecurity Headwinds Part 3: Future Proofing Your TPRM Program
Welcome back to our Overcoming Cybersecurity Headwinds blog series—building on our latest webinar about third party risk with Marc Crudginton, CISO at Howard Hughes Corporation. In our previous blogs, we explored the wisdom of centralizing cyber risk management and automating third-party risk management (TPRM). Today, we will focus on future proofing your TPRM program.
Using Runtime Insights with Docker Scout to Prioritize Vulnerabilities
The cloud revolution has firmly taken hold, and businesses of all sizes are adopting cloud-native technologies. This new paradigm has also created newer attack surfaces for cybercriminals, who are eager to exploit known security gaps in cloud environments. Sysdig is collaborating with Docker to deliver a more efficient process for identifying risks and opportunities for accelerated remediation in Docker Scout using runtime insights.
Watch out for Frankenphisher - Cybersecurity Awareness Month 2023
Imagine an artificial intelligence (AI) system developed by a mad scientist to leverage the full capabilities of Large-Language-Models (LLM). Then, the scientist went truly mad by utilizing text, voice, and video generation paired with mutating and self-perpetuating malware, as well as continuous improvement through reinforcement learning. The concoction you would get from the scientist’s wild lab is called Frankenphisher, the most effective social engineering AI you can possibly imagine.
Why Tech Blogger Pete Matheson Recommends Keeper
Be better than your phone’s #password manager. @Pete Matheson shares just how much more you’ll get out of Keeper Password Manager.
Cisco VPN Zero-Day exploited by ransomware gangs (CVE-2023-20269) - Insights and best practices for defense Copy
In the tech security scene, we’re always on the lookout for new vulnerabilities, especially when they are already exploited in the wild. The latest zero-day CVE-2023-20269 is hitting Cisco’s Adaptive Security Appliance VPN features. The attack surface scan conducted by IONIX research on a sample of organizations indicates that 13% of these appliances are potentially vulnerable through at least one interface.
The role of automation in mitigating cybersecurity risks
Cyberattacks are on the rise around the globe. Recent data suggest that there are 2,200 cyberattacks every day and that the average cost of a data breach is $9.44 million. Of those cyberattacks, 92% are delivered via email in the form of malware and phishing. In 2022 alone, businesses reported 255 million phishing attacks with an average cost of $4.91 million.
DarkGate Loader Delivered via Microsoft Teams - How It Works, How to Mitigate It and How Forescout Can Help
The threat intelligence data that Forescout Research – Vedere Labs curates comes from the millions of connected devices that we monitor, attacks we observe and dissect in our sandboxes, data relating to attacks that is traded on the Darknet, and from our Adversary Engagement Environment. We see a lot of data. One thing no cybersecurity researcher wants to see, however, is an attack on their own organization.