Software supply chains have become a tasty target for adversaries fueled by successful, high-profile attacks on companies like Solarwinds and Kaseya and open-source offerings like Log4j. Now a software applications security company seeks to address the problem with what it’s saying is the first attack surface management (ASM) product to address threats across the application…
Endpoint protection vendor Cybereason has launched a new incident response (IR) solution to streamline and automate IR investigations. Digital Forensics Incident Response incorporates nuanced forensics artifacts into threat hunting, reducing remediation time by enabling security analysts to contain cyberattacks in minutes, the firm stated in a press release. The release comes in the wake of…
I love this time of year, with March Madness excitement in the air and my Notre Dame Fighting Irish still in the tournament (as of the writing of this column)! More importantly – yes, more importantly – I love monitoring the 538 March Madness prediction website to see how the chances of winning change through…
Security researchers have found several vulnerabilities affecting many models of APC Smart-UPS uninterruptible power supplies that could be exploited to take over the devices. UPS devices are used across many industries to keep mission-critical devices running in case of power loss. “Two of these are remote code execution (RCE) vulnerabilities in the code handling the…
The Federal Trade Commission (FTC) commissioners, in a split-vote (3-2), issued a policy statement on September 15, requiring both health applications and connected devices to comply with the “Health Breach Notification Rule (August 2009).” The commissioners recognized how the applications and devices did not fall within the scope of the Health Insurance Portability and Accountability…
Microsoft Active Directory (AD), which handles identity management, reportedly holds 90% to 95% market share among fortune 500 companies. Given such broad adoption, it is no surprise that it is so heavily targeted by malicious actors and researchers alike. Among the most cited types of attacks against AD are legacy protocols. One such protocol that…
In most enterprise stacks today, the database is where all our secrets wait. It’s part safe house, ready room, and staging ground for the bits that may be intensely personal or extremely valuable. Defending it against all incursions is one of the most important jobs for the database administrators, programmers, and DevOps teams that rely…
If you do business with the Department of Defense (DoD), then the Cybersecurity Maturity Model Certification (CMMC) is known to you. The Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) approved the first company to become a certified assessor in May 2021. Since then, three additional companies have been approved. That’s it. Four companies have been…
Microsoft’s revised hardware specifications for the upcoming Windows 11 release on October 5 don’t change the fact that I’m stuck on Windows 10 for most of the machines in my network. Microsoft has expanded its testing application to include a few more processors that support Windows 11 (Intel Core X-series, Xeon W-series, and some Intel…
If you didn’t think the agriculture and food sector is of national security significance, then the issuance of the Insider Risk Mitigation Guide by the National Counterintelligence and Security Center (NCSC) in conjunction with the Department of Defense’s Center for Development of Security Excellence (CDSE) should be the equivalent of the bat-signal shining over Gotham….
New attack surface management product takes full-stack aim at sofware supply chain threats
