Comparing and quantifying your cybersecurity posture against peer organizations in the financial sector provides valuable context for how your cybersecurity program performs relative to others in your industry. Digital Defense’s Insight peer comparison report in the Fortra Vulnerability Management platform vulnerability and threat management platform provides actionable and detailed intelligence...

Microsoft Domain Controller “ZeroLogon” VulnerabilityA recent disclosure by Dutch security firm Secura B.V. has highlighted how dangerous a Netlogon vulnerability (CVE-2020-1472) included in the August 2020 Patch Tuesday release can be to a network. To exploit this vulnerability, an attacker with an established foothold in an internal network could exploit the weak cryptographic algorithm used by...

In the battle against cyber adversaries, IT security professionals have to carefully balance competing objectives; protecting business assets and processes while enabling legitimate business operations and initiatives. Maximizing both objectives is challenging, especially in a highly competitive and digitally connected business environment. Far too frequently, sacrifices in cyber defenses and...

When a network or device is compromised, it is critical to respond as quickly as possible in order to minimize the risk to your business. To have an almost instantaneous incident response, you have to do two things: you have to detect the incident immediately and you have to respond immediately. Here we’ll show how combining automated detection with network access control (NAC) can improve...

Slack Desktop Application Remote Code Execution (RCE) Vulnerability A RCE flaw was disclosed on August 31st, 2020, which affects the users of the Windows, Mac OS, and Linux desktop application versions of Slack. Users that click on an HTML injected image, will be redirected to an attacker’s server where a malicious javascript payload will be executed within the Slack application on their local...

Policy alone is rarely enough to influence change. Lasting impact requires buy-in from the organization and is best achieved using a mix of different influence levers.

While pen testing has been around since the 1960s, not all organizations have yet perfected the art of conducting them. In fact, not all companies are taking advantage of them, but that’s a conversation for another time.Below are a few common pitfalls that even experienced security teams fall victim to from time to time.Wrong FrequencyPenetration tests evaluate your security posture at the moment...

This article was originally published on Techaeris on August 07, 2020.For centuries, the automotive industry has benefited from the rapid development of technology. From the introduction of Ford’s Model A back in 1903 till in recent times, when cars are being equipped with assistive sensors helping the driver park safely, with the evolution of multimedia systems, or the computerized engine systems...

With the increased normalization of remote work, many organizations are dealing with an attack surface that has expanded beyond traditional network bounds. A new imperative exists for IT and security teams to adopt broader work-from-home security practices. This includes updating vulnerability scanning and management strategies to monitor both remote endpoints and network assets effectively. A...

CISM (Certified Information Security Manager) is an advanced certification designed for IT professionals who focus on information security management. Here, we’ll discuss what CISM is, the CISM certification process, and the benefits of being CISM-certified.

In the early days of the internet, cybersecurity was fairly straightforward, with all solutions and strategies geared toward prevention. While prevention remains critical, cybersecurity has also had to evolve, with businesses layering their defenses and regularly evaluating the status of their safeguards to adapt to change—whether those be organizational or within the wider cybersecurity sphere.