Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Weekly Brief: Driftnet Edition | Automatically Enforce Vendor Security Standards

In this week's SecurityScorecard Weekly Brief, Brandon Torio explains how leading security organizations are moving beyond annual vendor reviews and enforcing security standards continuously. Instead of waiting for the next assessment cycle, mature security teams are defining clear security policies, and automatically identifying when vendors fall out of compliance. With Driftnet and TITAN Secure, organizations can.

CASB vs DLP: Key Differences and When to Use Each

Security leaders evaluating cloud access security broker (CASB) and data loss prevention (DLP) tools often discover the two categories overlap just enough to create budget friction and just little enough to leave real gaps. A CASB can flag risky file-sharing behavior in Salesforce without ever inspecting the content inside the file. A traditional DLP tool can classify that same file as containing source code without knowing whether the sharing link is public.

FCI vs CUI: What Determines Your CMMC Level

CMMC is increasingly important for the overall security of the government, and by extension, the people. Threats are continually evolving, so security standards have to rise to meet them. Programs like CMMC exist to enforce standards capable of resisting most common threats and protecting sensitive information. It's no surprise, then, that more and more businesses are finding CMMC to be mandatory for the government contracts they want to win.

Powerful LDAP extended controls: Anti-remediation and invisible recon in AD

I ran an audit against every MS-ADTS LDAP extended control. Most behave exactly as documented; two stood out for potential offensive use. Both abusing legitimate controls, but neither a privilege escalation: The unifying theme: a documented LDAP control, used as intended at the mechanism level, produces an effect Microsoft's telemetry and most defenders don't expect. Demonstrated against a two-DC cloud.lab (Windows Server 2022, forest functional level 2016). Lab / authorized-research context only.

How to achieve 3-day compliance audits

At enterprise scale, the audit season never really ends. An enterprise security program carries responsibility for a growing number of compliance frameworks, across all business units and regions, with overlapping cycles. In essence, the team is always preparing for another one. Before an external auditor starts the clock, teams run internal readiness checks, which industry sources estimate take four to eight weeks. Why so long?

How Brand Impersonation Leads to Account Takeover (ATO)

Brand impersonation and account takeover (ATO) are often treated as separate security problems. One is viewed as a phishing or brand abuse issue. The other is viewed as an authentication or fraud issue. Attackers often see them differently. Many ATO attacks begin long before a login attempt appears on a dashboard. They begin when a customer encounters a fake website, fraudulent search result, impersonating social media profile, cloned mobile app, or spoofed communication that appears legitimate.

NIST 800-53 Controls: Master Implementation in 2026

You're probably in one of two situations right now. Either an auditor has asked for proof that your controls operate, or your SOC is collecting plenty of telemetry but nobody can cleanly map that activity back to NIST 800-53 controls. Both problems usually come from the same gap. The framework lives in policy binders, while the evidence lives in scattered tools. That gap gets painful fast in FedRAMP, CMMC-aligned, and other regulated environments.

CVE-2026-33017: Langflow RCE Deploys Monero Miners on AI Servers

Enterprises are standing up AI application frameworks like Langflow faster than security teams can review them. These platforms let teams build and automate generative AI workflows in days instead of months, but that speed comes with a cost: many instances go live with default settings, get exposed to the internet, and never make it onto a security team’s radar. CVE-2026-33017 shows exactly what happens next.

CVE-2026-46817: Oracle EBS Payments Vulnerability Under Active Exploitation

Oracle E-Business Suite (EBS) sits at the center of finance, procurement, and payment operations for many large enterprises. When a critical vulnerability surfaces in a module like Oracle Payments, the impact reaches well past IT. It touches financial data, transaction integrity, and regulatory exposure. CVE-2026-46817 is exactly that kind of vulnerability, and it is now being actively exploited.