According to IBM's 2024 X-Force Threat Intelligence Index, the abuse of valid credentials was the top initial access vector in 2023. With the growing threat of credential theft and session hijacking, cybercriminals are finding new ways to infiltrate organizations of all sizes.
In this webinar, we’ll introduce how...
Finance needs to secure login credentials for banking apps not covered by SSO. Marketing needs to share the Instagram login with the whole social media team. Developers need an easy way to access secrets – so they don't have to hardcode them into code.
How do you protect what you can't see? You start by making...
Why are we talking about metadata? Why now?
Because metadata has fairly obvious limitations that are being overlooked.
The problem isn't that we create or use metadata — it is the way it is used that causes trouble.
This white paper dives into:
The good, bad, and the ugly of metadata
Why metadata isn't...
Four years ago, federal regulators started sending a message to healthcare entities about the need to give patients timely access to their health records. Insurer UnitedHealthcare, the 45th firm penalized for potential "right to access" violations, agreed to an $80,000 fine and corrective action.
File Integrity Monitoring (FIM) is a technology that monitors for changes in files that may indicate a cyberattack. In many organizations, however, FIM mostly means noise: too many changes, no context around these changes, and little insight into whether a detected change actually poses a risk.
Download your copy...
Spoiler alert: In 2022, audits found open source in 100% of our customer engagements.
Since open source usages are now so pervasive, companies are increasingly concerned about the security of applications built on the foundation of open source components. Consequently, open source security and license compliance...
The California Privacy Rights Act (CPRA) entered effect on Jan 1, 2023. The opt-out of sale and share requirement under the CPRA mandates business to have a clear “Do Not Sell or Share My Personal Information” link, allowing customers to exercise their right to opt-out while providing them with a CPRA-specific...
Ninety-four percent of recent survey respondents are concerned that TLS 1.3 will break their existing security controls. With the ever-expanding amount of encrypted network traffic mandated, it’s important to understand how to balance user and customer privacy with security controls. Join experts from Cisco Security...
Too often when software developers change jobs, they take source code they've written with them, feeling the code belongs to them even if it belongs to an employer. Code42's Joe Payne shares the challenges of detecting source code theft and ways to protect intellectual property wherever it resides.
Organizations that work with or within the healthcare industry need to prioritize and manage security and privacy-related risk and compliance programs. As the global standard for safeguarding information, HITRUST delivers a scalable, prescriptive, and certifiable framework that enables organizations to demonstrate...
A government watchdog is urging NASA to make multiple improvements to its cybersecurity and risk management policies to counter threats to the space agency's network, infrastructure and data. NASA, in turn, is working toward making some security improvements outlined by the GAO by the end of this year.
The BeyondTrust Microsoft Vulnerabilities Report, produced annually, analyzes the
data from security bulletins issued by Microsoft throughout the previous year. Every
Tuesday, Microsoft releases fixes for all vulnerabilities affecting Microsoft products,
and this report compiles these releases into a year-long...
Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.
Cybercriminals are "upping their game" by stealing and then auctioning off on the dark web administrative access credentials to healthcare organizations' clinician and patient portals, says Etay Maor of IntSights.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.