GRC Newsflash: SEC Risk Updates
Today’s edition of GRC Newsflash features our Compliance Specialist Frank Kyazze, and covers Risk Updates from the SEC announced on July 26, 2023.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Using HTTP request smuggling to hijack a user's session - exploit walkthrough
During a recent customer engagement, I came across an instance of a rather rare vulnerability class called HTTP request smuggling. Over the course of several grueling days of exploit development, I was eventually able to abuse this vulnerability to trigger a response queue desynchronization, allowing me to capture other users’ requests, leading to session hijacking.
Demo: Tanium Vulnerability Risk and Compliance for ServiceNow
The Vulnerability Risk and Compliance demo provides an end-to-end walkthrough of the VRC solution including.
Pythons and Birds: Duolingo and Telegram Hacked?
In this week's episode, Bill and Robin explore the dangers of programmatic interfaces! The language-learning website, Duolingo, has fallen victim to an API exploit which has exposed 2.6 million user accounts, and there's threat actors on the dark web who are using Python to subversively change messages in Telegram threads. What's happening in the world, why should you care, and how can you stay protected?
What's new in Calico Enterprise 3.18: Major workload-centric WAF updates and more
This release, we’re really excited about major improvements to Calico’s workload-centric WAF. We’ve made it much easier for users to configure and deploy the WAF in just a few clicks and we’ve also made it much easier to review and manage WAF alerts through our new Security Events feature.
Move from a High-Cost Legacy SIEM to High-Speed Falcon LogScale
The fastest adversary can “break out” — or move laterally — in only seven minutes after compromising an endpoint. Yes, you heard that right. Seven minutes. In the relentless race against adversaries, every second counts. To avoid breaches, you need to detect and stop adversaries before they can break out and expand their realm of control.
SEC Risk Updates: GRC Newsflash
Today’s edition of GRC Newsflash features our Compliance Specialist Frank Kyazze, and covers Risk Updates from the SEC announced on July 26, 2023.
Beware of fake content & data! #shorts
Spot fake content and data with RKVST's Instaproof.
What Is an Attack Surface?
An attack surface refers to all the possible points, also called attack vectors, where cybercriminals can access a system and steal data. When an attack surface is small, it’s easier to manage and protect, making it essential to reduce your attack surface as much as possible. Continue reading to learn more about attack surfaces and how you can reduce your organization’s attack surface by following a few of our tips.
Federal Agencies Face 9/30/23 Deadline to Submit Detailed Plan for Implementing 2021 Cybersecurity Executive Order
In mid-August, U.S. national security advisor Jake Sullivan sent a memo to cabinet secretaries of agencies outside the Pentagon dinging them for not complying with deadlines and steps in the 2021 Executive Order 14208 on Improving the Nation’s Cybersecurity. In doing so, he set a new timeclock ticking for submitting a detailed implementation plan by the end of September… just a few weeks away from this writing.