Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Technology companies are often seen as revolving doors of constantly shifting personnel. Whether they are seeking a better work environment or chasing a higher paycheck, these staff changes can hurt an organization’s progress. Worse yet, the customers are often negatively impacted by these changes in the continuity of established relationships.

‍Security is at the heart of what we do at Vanta—helping our customers improve their security and compliance posture starts with our own. Our team’s mission is to ensure that Vanta is a trusted and trustworthy steward of customer data. ‍ At Vanta, we believe that nurturing and scaling our security culture is one of the most powerful ways to achieve our mission. We define security culture as the norms, behaviors, and attitudes around security.

The cloud has become the new battleground for adversary activity: CrowdStrike observed a 95% increase in cloud exploitation from 2021 to 2022 and a 288% jump in cases involving threat actors directly targeting the cloud. Defending your cloud environment requires understanding how threat actors operate: how they’re breaking in and moving laterally, which resources they target and how they evade detection.

On Tuesday, August 29, 2023, VMware disclosed a critical authentication bypass vulnerability (CVE-2023-34039) in VMware Aria Operations for Networks–formerly known as vRealize Network Insight–that could result in a threat actor gaining access to the Aria Operations for Networks CLI by bypassing SSH authentication. The vulnerability was responsibly disclosed to VMware and has not been actively exploited in campaigns.

Arctic Wolf has been tracking multiple intrusions where Cisco VPN account credentials were harnessed by Akira ransomware for initial access. In a recent Cisco PSIRT advisory, Cisco stated they were aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations. Our case data supports the observation that affected accounts did not have MFA enabled.

Our team has been hard at work creating updates and new features just for you, see what we’ve been up to over the last month.

This month's release rollup includes product updates and enhancements from Egnyte around AI-driven document summarization and helpdesk chatbot, workflow templates, and smart cache for Civil 3D. Below is a summary of these and other new releases. Visit the linked articles for more details.

When we put forward a vision for cybersecurity talking about building one platform that covers all security operations - or as we call it SecOps Cloud Platform - we could not have imagined that a month later, the world’s largest pure-play cybersecurity company would buy into this vision. This alignment is flattering, to say the least. Yesterday, Cole Grolmus of Strategy of Security published an article titled The Audacious Future of Palo Alto Networks.

Your security questionnaire workflow is the litmus test for the efficiency of your overall Vendor Risk Management program. If this pipeline gets congested, all of the VRM processes, depending on it, get disrupted, which impacts your security posture and heightens your risk of suffering a third-party data breach.