Vulnerability Recap 4/22/24 – Cisco, Ivanti, Oracle & More
eSecurity Planet
by Chad Kime
7h ago
Cisco, Ivanti, Oracle, and several others issued patches for a variety of serious vulnerabilities this week, many of them accompanied by proof-of-concepts (PoC) released by researchers. Once released, the PoC starts the clock for active attacks, especially for security tools, as demonstrated in active attacks on Palo Alto’s PAN-OS vulnerability fixed the week before. Adam Murayama, Field CTO of Garrison Technology, warns that “attackers know the value of targeting cybersecurity software: they not only defuse the security mechanism, but also gain the elevated system privileges and network posit ..read more
ShadowRay Vulnerability: 6 Lessons for AI & Cybersecurity
eSecurity Planet
by Chad Kime
6d ago
ShadowRay is an exposure of the Ray artificial intelligence (AI) framework infrastructure. This exposure is under active attack, yet Ray disputes that the exposure is a vulnerability and doesn’t intend to fix it. The dispute between Ray’s developers and security researchers highlights hidden assumptions and teaches lessons for AI security, internet-exposed assets, and vulnerability scanning through an understanding of ShadowRay. ShadowRay Explained The AI ..read more
Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits
eSecurity Planet
by Maine Basan
6d ago
Last week’s cybersecurity incidents revealed significant vulnerabilities across multiple platforms. Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users’ data security. To mitigate these risks, users must promptly apply vendor-provided software patches and updates, as well as exercise vigilance when using online services and apps. You can strengthen your ..read more
NordPass Review 2024: Is It the Right Fit for Your Business?
eSecurity Planet
by Jenna Phipps
1w ago
NordPass is a relatively new password management solution with a fresh approach to password protection and an emphasis on new, efficient security technology. Password managers offer features like password sharing, browser autofilling, and user management. NordPass includes all these features and more, but make sure you choose a plan that has everything you need — the Enterprise plan is NordPass’s most extensive. What You Need to Know about NordPass NordPass is a good solution for businesses that want to experiment with different security approaches, like a newer encryption method or key de ..read more
12 Data Loss Prevention Best Practices (+ Real Success Stories)
eSecurity Planet
by Maine Basan
1w ago
Data loss prevention (DLP) best practices are principles that help prevent intentional or unintentional data erasure. By following these guidelines, organizations can reduce the detrimental impact of data loss and quickly resume operations after an incident. This also protects sensitive data and minimizes legal and reputational issues. Explore some real-world instances below and discover when and how to use DLP procedures for optimal data security. ..read more
Keeper Password Manager Review 2024: Who Should Use It?
eSecurity Planet
by Jenna Phipps
1w ago
Keeper is a password manager for teams of all sizes, from small businesses to managed service providers. Password managers include core password protection features like encryption, two-factor authentication, and reporting. Keeper offers all of these, as well as a privileged access management add-on module and APIs for developer teams. Consider Keeper if you need either an inexpensive plan with limited features or extensive enterprise capabilities. What You Need to Know About Keeper Keeper is suitable for SMBs, but smaller teams will need to pay for one of the more extensive plans if they ..read more
6 Top Open-Source Vulnerability Scanners & Tools
eSecurity Planet
by Chad Kime
1w ago
Open-source vulnerability assessment tools are effective security scanners to detect missing patches, misconfiguration, and other vulnerabilities. These scanners also publish their code publicly and provide a free version with most, if not all, features. To help you select the best tool, we picked the top two tools in each of three categories: devices (endpoints, routers, containers, etc.), websites and applications (aka web and app), and specialty scanners for specific assets. Here are the six best open-source vulnerability scanners: Nmap: Best device scanner overall OpenVAS: Best device sca ..read more
What Is a SaaS Security Checklist? Tips & Free Template
eSecurity Planet
by Maine Basan
1w ago
SaaS security checklists are frameworks for protecting data and applications in cloud-based environments. They serve as benchmarks for upholding strong security requirements, evaluating existing tools, and assessing potential solutions. These checklists include security standards and best practices for SaaS and cloud applications, and B2B SaaS providers use them to guarantee that their solutions match customer security standards. ..read more
Vulnerability Recap 4/8/24 – Google, HTTP/2 Join Ivanti
eSecurity Planet
by Jenna Phipps
2w ago
This week, Ivanti takes center stage again with a new set of security flaws, but it’s got plenty of company: Google, ecommerce platform Magento, and WordPress plugin LayerSlider join it, as well as version 2 of Hypertext Transfer Protocol. eSecurity Planet also follows up on a Linux-based vulnerability mentioned in last week’s recap. I recommend immediately updating any devices or software versions if your business uses any of the following products. March 27, 2024 Recently Patched SQL Injection Issue Affects LayerSlider Plugin Type of vulnerability: Unauthenticated SQL injection. The problem ..read more
What Is Data Loss Prevention (DLP)? Definition & Best Practices
eSecurity Planet
by Maine Basan
3w ago
Data loss prevention (DLP) refers to a set of security solutions that identify and monitor information content across storage, operations, and networks. DLP solutions help detect and prevent potential data exposure or leaks. They apply policies dynamically, manage business data rights, and automate data processes to effectively protect sensitive information. An effective DLP solution provides the security team with complete visibility of their networks. To determine if the DLP solution is ideal for your organization, explore how it works, its benefits, best practices, deployment considerations, a ..read more