Security News

3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them
2023-05-29 11:47

In this article, we'll look at another trending acronym - CTEM, which stands for Continuous Threat Exposure Management - and the often-surprising challenges that come along with seeing a CTEM program through to maturity. Continuous Threat Exposure Management is not a technology and you can't go to a vendor in hopes of finding a CTEM solution.

2023-05-23 04:30

To have a successful conclusion to the mergers and acquisitions process, identity and access management teams need time to prepare, test, and communicate with users to ensure the process goes as smoothly as possible. Unauthorized access: During a rapid transition, there is often temporary confusion regarding who has access to sensitive data.

Introducing Permit.io: Simplifying access control and policy management for developers
2023-05-18 04:00

In this Help Net Security video interview, Or Weis, Co-Founder and CEO of Permit.io, discusses an innovative approach to managing permissions and access control within applications. We will explore policy as code and how it addresses organizations' challenges in managing access control effectively.

Identifying a Patch Management Solution: Overview of Key Criteria
2023-05-17 11:54

An evaluation that begins with a focus on specific key criteria - essential attributes and functionality likely to be offered by many vendors but not all - will allow IT teams to narrow down their options as they work to identify the best solution for their organization's patch management needs. In Linux operating systems, the platform must determine whether a patch can be applied or if an existing patch must be removed before the new patch is applied, at which point the original patch can be reinstalled.

How Attack Surface Management Supports Continuous Threat Exposure Management
2023-05-11 14:05

In a different report, Gartner concluded that vulnerability management vendors are expanding their offerings to include Attack Surface Management for a suite of comprehensive offensive security solutions. EASM is distinct from similar market categories, such as cyber attack surface management or security risk rating services, but the differences are nuanced.

Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service
2023-05-04 13:19

Three new security flaws have been disclosed in Microsoft Azure API Management service that could be abused by malicious actors to gain access to sensitive information or backend services. This includes two server-side request forgery flaws and one instance of unrestricted file upload functionality in the API Management developer portal, according to Israeli cloud security firm Ermetic.

Centralized secrets management picks up pace
2023-05-01 14:08

"There are secrets in Jenkins, secrets in my Terraform script, in my Infrastructure as a Service script. I have secrets everywhere." The deployment of a centralized secrets management solution is arguably the best way to properly address these issues.

Cisco discloses XSS zero-day flaw in server management tool
2023-04-26 18:51

Cisco disclosed today a zero-day vulnerability in the company's Prime Collaboration Deployment software that can be exploited for cross-site scripting attacks. Tracked as CVE-2023-20060, the bug was found in the web-based management interface of Cisco PCD 14 and earlier by Pierre Vivegnis of the NATO Cyber Security Centre.

Modernizing Vulnerability Management: The Move Toward Exposure Management
2023-04-25 11:53

Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of attackers' opportunities. Modern vulnerability management integrates security tools such as scanners, threat intelligence, and remediation workflows to provide a more efficient and effective solution.

A third-party’s perspective on third-party InfoSec risk management
2023-04-24 04:30

In the complex and fast-moving world of cybersecurity-meets-regulations, working with third parties requires diligent third-party risk management oversight to monitor data management and processes. Improving InfoSec risk management can provide insights into how data is handled, the security safeguards in place to protect that data, potential security weaknesses, and better adherence to the multitude of data, security, and privacy regulations.