#ThirdPartyVendors

Are SOC 2 Reports Sufficient for Vendor Risk Management?

by

July 5, 2024 at 10:21AM Businesses heavily rely on third-party vendors for various services, but this dependence introduces security vulnerabilities. Cybercriminals exploit weaknesses in vendors to target organizations, making robust vendor risk management crucial. While SOC 2 reports are useful, they have limitations. Organizations should supplement them with security questionnaires, testing, contractual agreements, and ongoing … Read more

FBI: Ransomware gangs hack casinos via 3rd party gaming vendors

by

November 8, 2023 at 11:51AM The FBI warns that ransomware threat actors are targeting casinos by exploiting vulnerabilities in vendor-controlled remote access and using legitimate system management tools. Small and tribal casinos have been targeted, with the Silent Ransom Group and Luna Moth carrying out phishing, data theft, and extortion attacks. The FBI advises implementing … Read more

FBI Highlights Emerging Initial Access Methods Used by Ransomware Groups 

by

November 8, 2023 at 06:39AM The FBI has warned about ransomware operators using third-party vendors and services to gain initial access to victim environments. Threat actors exploit vulnerabilities in vendor-controlled remote access and legitimate system management tools to elevate permissions in victim networks. The FBI urges organizations to take measures such as creating backups, reviewing … Read more