Microsoft Trims Cloud Cyberattack Surface in Security Push

September 23, 2024 at 05:51PM Microsoft’s Secure Future Initiative (SFI) aims to enhance security by eliminating 730,000 unused apps, 5.75 million inactive cloud tenants, and deploying 15,000 secure devices. Video-based identity verification for most production staff and updated processes further strengthen security. The initiative also focuses on reducing attack surface, enhancing authentication mechanisms, and improving …

Thousands of ServiceNow KB Instances Expose Sensitive Corporate Data

September 18, 2024 at 01:42PM ServiceNow’s enterprise knowledge bases (KBs) continue to expose sensitive corporate data, despite last year’s security improvements. AppOmni’s research found 45% of instances leaked internal data due to outdated configurations and misconfigured access controls. ServiceNow acknowledged the issue and identified changes but encountered challenges protecting KBs due to internal and external …

FBI Exposing Sensitive Data via Improper Handling of Storage Devices: Audit

August 23, 2024 at 05:51AM The Department of Justice’s Office of the Inspector General reports that the FBI fails to securely manage decommissioned electronic storage media containing both sensitive law enforcement and national security information. The devices were not properly labeled, stored, tracked, or secured, posing a risk of loss or theft. The OIG recommends …

Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware

August 1, 2024 at 05:54AM Google has introduced app-bound encryption to Chrome on Windows to enhance browser security. This new feature prevents malicious applications from accessing encrypted data, increasing the difficulty for attackers. The change applies only to cookies currently but may expand to include passwords and payment data in the future. This is part …

CTEM 101 – Go Beyond Vulnerability Management with Continuous Threat Exposure Management

March 12, 2024 at 07:27AM Organizations are increasingly considering establishing a Continuous Threat Exposure Management (CTEM) program to reduce cyber risk. The CTEM approach combines attack simulation, risk prioritization, and remediation guidance to identify and address the most urgent risks and vulnerabilities. CTEM offers advantages over alternative approaches, covering all assets and continuously discovering all …