The ProcessBolt Platform

ProcessBolt AI

AI-assisted vendor risk management, and real-time threat monitoring platform. 

ThreatScape

Attack surface management and security rating solution.

DocAI

Document intelligence and analytics.

Share Center

Secure and timebound document sharing for the enterprise.

Assessment & RFP Response Solution

Answer questionnaires using Knowledge Base and documents with AI assistance.

Third-Party Risk Management & Compliance News

Derrick Lowe, Chief Security Officer of Orlando Health, Joins ProcessBolt’s Board of Directors

ProcessBolt is pleased to announce that Derrick Lowe, CSO of Orlando Health and one of Becker Hospital Review’s 60 “CISOs to Know” for 2023, is joining ProcessBolt’s board of directors.


Software Supply Security Chain Development Practices
- Whether proprietary or outsourced, software development has evolved into a nuanced matter when it comes to security. A single line of faulty code lurking in a library or framework can expose the entire organizational environment to attack. Unsurprisingly, threat actors increasingly exploit software supply chain gaps to infiltrate enterprise networks. A recent report by Sonatype found that 245K malicious application packages were logged in 2023 alone. That tripled the stats for 2022 and doubled ... [Read More]


Organizations Supply Software Ponemon Institute Report Attack
- A report by the Ponemon Institute found that 59% of organizations experienced a software supply chain attack, with 54% of these respondents having experienced one in the past year. This survey was conducted among 1,278 IT and IT security practitioners, with managers, directors and senior executives making up nearly half (49%) of the survey demographic. 28% of respondents state that a previously detected, unpatched open-source vulnerability was the cause of the software supply chain attack, ... [Read More]


- Do you want to enhance your organisation's cybersecurity by identifying and addressing vulnerabilities before they can be exploited? Mastering the art of penetration testing is a vital skill for any security professional and an essential component of a robust security strategy. In this blog post, we'll guide you through "how to do penetration testing", providing valuable insights and actionable recommendations to strengthen your security posture. Key Takeaways Cyber security strategy is ... [Read More]


Resilience Cyber Security Companies Cyber Resilience Organizations
- With ransomware at an all-time high, companies need to understand that being cyber resilient means going beyond compliance to considering all aspects of a business, from operational continuity to software supply chain security. In May 2021, when Colonial Pipeline was targeted by the DarkSide hackers, CEO Joseph Blount made the highly controversial decision to pay the $4.4 million ransom. The attack put critical US infrastructure in jeopardy, resulting in daily briefings to President Joe Biden, ... [Read More]


Nist Agencies Federal Agencies Cui Guidance Protection
- The National Institute of Standards and Technology (NIST) has released newly updated guidelines for Federal agencies on how to protect their controlled unclassified information (CUI) when it resides on private-sector systems. The guidance released earlier this week updates guidelines set by NIST in 2020 and adds a series of benchmarks to the level of protection that Federal agencies should target. "The protection of Controlled Unclassified Information (CUI) is of paramount importance to federal ... [Read More]

Source: meritalk.com

Security Nist Csf Framework Nist Csf Devices
- Physical security and cybersecurity converge To say that the Internet of Things (IoT) has become a part of everyday life would be a dramatic understatement. At this point, you would be hard-pressed to find an electronic device that is not connected to the internet. There are smart fridges, smart toasters, thermostats, etc. Companies are even connecting things like belts and (I can't believe I'm not making this up) beehives to the internet. Sometimes the benefits are clear. Other times, not so ... [Read More]


Steve Salinas Framework Michael Hamilton Nist Cybersecurity Security
- The NIST Cybersecurity Framework 2.0, introduced in early 2024, incorporates new elements like a focus on governance and supply chain security. It aims to be more accessible and useful to a broader range of organizations. In a recent discussion, Steve Salinas from Stellar Cyber and Michael Hamilton, founder and CISO of Critical Insight, examined the updates in the new framework. Hamilton highlighted the consolidation of specific elements into governance and emphasized the importance of managing ... [Read More]


Cybersecurity Oil Gas Industry Compliance Security
- When talking about industries, few are as critical to global infrastructure and economic stability as the oil and gas sector. In an interconnected digital age where technology fuels every aspect of the global economy, the oil and gas industry stands as a vital pillar, powering nations and economies worldwide. However, this digital power has also rendered the industry susceptible to innumerable cyber threats. Cybersecurity compliance in the oil and gas sector is not merely a choice; it's ... [Read More]


Data Santander Customers Party Third Party Organizations
- Banking giant Santander has confirmed that customer and employee data has been breached following a compromise of a third-party provider. In a statement published on May 14, 2024, the bank revealed that "certain information" relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group, had been accessed by hackers. Customer data in all other Santander markets and businesses have not been affected. Impacted Customers Urged ... [Read More]


Software Development Systems Code Security Threat
- This is the third blog post in a series that is taking a deep dive into DevSecOps program architecture. The goal of this series is to provide a holistic overview of DevSecOps as a collection of technology-driven, automated processes. Make sure to check out the first and second parts too! At this point in the series, we have covered how to manage existing vulnerabilities and how to prevent the introduction of new vulnerabilities. We now have a software development lifecycle (SDLC) that ... [Read More]

