Security News

The underlying concept is simple and efficient: combining Attack Surface Management with dark web monitoring to boost their synergized value, making the "1+1=3" formula possible. Importantly, every single IT asset will be mapped onto the cyber threat landscape, visualizing the ongoing phishing campaigns targeting your customers or employees, dark web announcements selling access to your compromised systems or corporate data, rogue mobile applications usurping your corporate identity, stolen credentials from your applications or third-party systems processing your data, and IoCs found on your systems.

You will also receive a complimentary subscription to TechRepublic's News and Special Offers newsletter and the Top Story of the Day newsletter. You may unsubscribe from these newsletters at any time.

In the last year, 60% of organizations suffered a certificate related outage that impacted their critical business applications. These outages are now costing large corporations an average of $5,600 per minute, damaging reputation and growth rates.

It's been a year since the release of The Ultimate SaaS Security Posture Management Checklist. SaaS apps are dynamicand ever-evolving - apps' settings need to be modified on a continuous basis from security updates and app feature enhancements to employees added or removed, and user roles and permissions set, reset, updated, etc.

Coalfire released its fourth annual Securealities Penetration Risk Report which analyzes enterprise and cloud service providers internal and external attack vectors, application development and mobile app security, social engineering and phishing, and PCI- and FedRAMP-specific findings, with data segmented by industry and company size. Long-term data shows that cyber risk significantly shifts year over year based on company size, vertical market, and many other factors.

Any discussion about device management would not be complete without talking about unified endpoint management solutions. Apple Business Manager or ABM helps configure and deploy Apple devices, so why should you spend more resources upgrading to a dedicated UEM? To put it simply, the access to capabilities that a UEM provides is unrivaled.

As attackers rely on a range of automated offensive testing tools to scan their targets' attack surfaces and propagate inside their network, a purely reactive defensive stance based on detection and response is increasingly likely to be overwhelmed by an attack. The logical tactical move is to emulate attackers' TTPs and behaviors beforehand by integrating attack simulation tools to continuously validate the impermeability of the attack surface as a whole, the efficacy of security controls, as well as access management and segmentation policies, etc.

The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022. Initial access to the company's IT network was made possible by using stolen Virtual Private Network credentials, followed by leveraging off-the-shelf tools for lateral movement and gaining deeper access into the victim's environment.

In this Help Net Security video, Jon Hencinski, VP of Security Operations at Expel, talks about how their SOC team has recently observed Business Email Compromise (BEC) attacks across multiple...

During AWS re:Inforce, Amazon executives emphasized how important access control is when it comes to cloud security and why IT leaders need to ask who has access to what and why. The executives emphasized the importance of enabling multi-factor authentication and blocking public access, with Kurt Kufeld, vice president of AWS platform, going as far as to say it "Will absolutely save lives."