暴露风险管理: 降低现代攻击面风险
面对无效且各自为政的安全计划,大量单点工具生成的数据零散且缺乏洞察,许多网络安全团队正陷入困境。 Here we explain why they need an exposure management platform that provides comprehensive visibility and allows them to…
CVE-2022-41040 and CVE-2022-41082: ProxyShell Variant Exploited in the Wild
Microsoft has confirmed reports of two zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. Patches are not yet available.
Cybersecurity Snapshot: 6 Things That Matter Right Now
Topics that are top of mind for the week ending Sept. 30 | Are you ready for the quantum threat? | Tips for protecting critical infrastructure from cyberattacks | How to prevent MFA fatigue attacks | “FiGHT” to secure 5G networks | And much more!
Diving Deeply into IAM Policy Evaluation: Highlights from AWS re:Inforce IAM433
One of the most talked-about sessions at AWS re:Inforce was IAM433, which discussed AWS IAM’s internal evaluation mechanisms.
The shift to integrated cybersecurity platforms: a growing trend among CISOs
New ESG and ISSA study shows nearly half of organizations are shifting towards integrated cybersecurity platforms. Here’s why many CISOs are making the shift. Less complexity, more security. The shift to integrated cybersecurity platforms has become a growing trend among CISOs. With security…
Cybersecurity Snapshot: 6 Things That Matter Right Now
Topics that are top of mind for the week ending Sept. 23 | A digital trust disconnect between theory and practice | Don’t ignore attack surface management | An SBOM 101 | Report finds hackers targeting small businesses | And much more!
Five Lessons Every Cybersecurity Team Can Learn from the Uber Incident
Upon hearing of a cybersecurity incident, alleged or factual, the most productive thing to do is learn what you can from its main lessons.
$1 Billion State and Local Cybersecurity Grant Program Now Open for Applicants
As threats continue to evolve, state and local governments benefit from federal grant funding to bolster their cybersecurity posture.
如愿以偿找到整个攻击面上的“不了解的未知风险”
“不了解的未知风险”即安全团队尚未检测到因而无法加以保护的资产、漏洞、错误配置和系统弱点,CISO 们对此深感忧心。这些盲点对攻击者而言是非常宝贵的攻击机会,而对企业而言,却意味着重大安全风险。
Cybersecurity Snapshot: 6 Things That Matter Right Now
Topics that are top of mind for the week ending Sept. 16 | How cybersecurity excellence boosts business | CISOs on a vendor-consolidation campaign | A quick check on converged OT/IT cybersecurity | Guides to help developers beef up on security | And much more!
AA22-257A: Cybersecurity Agencies Issue Joint Advisory on Iranian Islamic Revolutionary Guard Corps-Affiliated Attacks
Several global cybersecurity agencies publish a joint advisory detailing efforts by Iranian-government sponsored threat actors exploiting vulnerabilities to enable ransomware attacks.
CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
Trend Micro has patched six vulnerabilities in its Apex One on-prem and software-as-a-service products, one of which has been exploited in the wild.
