Security News

In this Help Net Security video, Christopher Maddalena, Director of Internal and Community Product at SpecterOps, showcases Ghostwriter, which helps you manage clients, projects, reports, and infrastructure in one application. The tool does not replace some of the more common or traditional project management tools, such as CRMs. Still, it does consolidate all relevant project information in a way for users to easily curate every aspect of their projects.

The number one thing enterprises need to do is get back to basics and focus on what builds the foundation to robust asset risk management - and that is visibility and understanding of risk. Asset risk management is paramount to an effective zero trust architecture.

The underlying concept is simple and efficient: combining Attack Surface Management with dark web monitoring to boost their synergized value, making the "1+1=3" formula possible. Importantly, every single IT asset will be mapped onto the cyber threat landscape, visualizing the ongoing phishing campaigns targeting your customers or employees, dark web announcements selling access to your compromised systems or corporate data, rogue mobile applications usurping your corporate identity, stolen credentials from your applications or third-party systems processing your data, and IoCs found on your systems.

You will also receive a complimentary subscription to TechRepublic's News and Special Offers newsletter and the Top Story of the Day newsletter. You may unsubscribe from these newsletters at any time.

In the last year, 60% of organizations suffered a certificate related outage that impacted their critical business applications. These outages are now costing large corporations an average of $5,600 per minute, damaging reputation and growth rates.

It's been a year since the release of The Ultimate SaaS Security Posture Management Checklist. SaaS apps are dynamicand ever-evolving - apps' settings need to be modified on a continuous basis from security updates and app feature enhancements to employees added or removed, and user roles and permissions set, reset, updated, etc.

Coalfire released its fourth annual Securealities Penetration Risk Report which analyzes enterprise and cloud service providers internal and external attack vectors, application development and mobile app security, social engineering and phishing, and PCI- and FedRAMP-specific findings, with data segmented by industry and company size. Long-term data shows that cyber risk significantly shifts year over year based on company size, vertical market, and many other factors.

Any discussion about device management would not be complete without talking about unified endpoint management solutions. Apple Business Manager or ABM helps configure and deploy Apple devices, so why should you spend more resources upgrading to a dedicated UEM? To put it simply, the access to capabilities that a UEM provides is unrivaled.

As attackers rely on a range of automated offensive testing tools to scan their targets' attack surfaces and propagate inside their network, a purely reactive defensive stance based on detection and response is increasingly likely to be overwhelmed by an attack. The logical tactical move is to emulate attackers' TTPs and behaviors beforehand by integrating attack simulation tools to continuously validate the impermeability of the attack surface as a whole, the efficacy of security controls, as well as access management and segmentation policies, etc.

The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022. Initial access to the company's IT network was made possible by using stolen Virtual Private Network credentials, followed by leveraging off-the-shelf tools for lateral movement and gaining deeper access into the victim's environment.