April 18, 2024 at 08:42AM Over 32 years in cybersecurity, managing risks related to service accounts has been a constant challenge. Service accounts should have limited access and perform specific functions. However, managing and securing them is often overlooked. Common gaps in knowledge include lack of visibility and understanding of the necessity and ownership of … Read more
March 29, 2024 at 07:18AM JetBrains released TeamCity 2024.03, addressing 26 security issues and introducing semi-automatic security updates. They emphasized not sharing vulnerability details to protect clients using older versions. The update patches seven CVEs, including a high-severity flaw enabling bypass of two-factor authentication. JetBrains’ cautious approach follows a recent incident of a critical flaw … Read more
February 20, 2024 at 10:07AM The cyber insurance industry faces scrutiny due to skyrocketing premiums and complex policy terms. Underwriting processes are under fire as insurers struggle to keep up with rapidly evolving environments and threats. Modernizing data gathering and potential federal assistance programs are proposed to address the challenges faced by the cyber insurance … Read more
December 27, 2023 at 10:05AM The relationship between cyber-insurance providers and policyholders is strained due to the complex underwriting process and rising premiums. Cyber insurance is still in its early stages, experiencing growing pains. To establish a partnership, both parties need to focus on risk reduction and share electronic metrics for accurate policy pricing. Trust … Read more
November 14, 2023 at 08:09AM Summary: Join SecurityWeek and Saviynt for a live webinar on November 14 at 1PM ET to learn how to build trust in third-party relationships by implementing secure processes and tools. Topics covered include creating a secure Day-1 process, reducing risk through just-in-time access provisioning, and utilizing PAM processes to monitor … Read more
October 31, 2023 at 08:52AM Microsoft’s Patch Tuesday, which has been a monthly ritual for IT and security professionals for the past 20 years, aims to consolidate security updates into a planned release cycle. However, the high number of vulnerabilities and the growing dependence on Microsoft tools and services pose risks. Adversaries are becoming smarter … Read more