Qatar 2022 Cybersecurity Framework Executive Summary Report
The Qatar 2022 Cybersecurity Framework, The Capability Description – Cybersecurity Governance section (Chapter 2) focuses on overall cybersecurity strategy. This report enables CISOs to have a quick...
View ArticlePrintNightmare
On July 6, Microsoft updated its advisory to announce the availability of out-of-band patches for a critical vulnerability in its Windows Print Spooler that researchers are calling PrintNightmare....
View ArticleQatar 2022 Cybersecurity Framework Report
The FIFA 2022 World Cup™ has a global audience, and presents complex security concerns across a large number of entities. The State of Qatar is addressing cybersecurity and privacy needs by providing...
View ArticleGetting Started With Active Directory
Scanning the network for vulnerabilities to keep assets secure and intruders out is common practice. Organizations conduct periodic external scans to detect vulnerabilities, open ports and protocols....
View ArticleDHS CISA Binding Operational Directive 22-01 Report
On November 3rd, 2021, CISA issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities establishing a CISA managed catalog of known exploited...
View ArticleRisk Altering Events
There are several events that often cause the risk posture of an asset to change, such as a new user account or a service stopping or starting; these are called risk-altering events. Organizations use...
View ArticleOperations ACR Summary
As assets and networks become more dynamic, maintaining visibility requires grouping and prioritizing business-critical assets and the risk associated with them. The increasing persistence of attackers...
View ArticleExecutive ACR Summary
As assets and networks become more dynamic, maintaining visibility requires grouping and prioritizing business-critical assets and the risk associated with them. The increasing persistence of attackers...
View Article2021 Threat Landscape Retrospective Executive Report
2021 was certainly a turbulent year, punctuated with the revelation of a critical vulnerability in the widely-used Apache Log4j library. The lingering Covid-19 pandemic had already accelerated online...
View Article2021 Threat Landscape Retrospective Operations Report
2021 was certainly a turbulent year, punctuated with the revelation of a critical vulnerability in the widely-used Apache Log4j library. The lingering Covid-19 pandemic had already accelerated online...
View ArticleCISA Alert Summary
On November 3rd, 2021, Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, which...
View ArticleContiLeaks Vulnerabilities
A security researcher posted private chat messages between members of the Conti ransomware group, providing valuable insight into which vulnerabilities are leveraged by the group and affiliates in...
View ArticleMitigation Summary Report
Identifying both the current vulnerabilities and the vulnerabilities that have been mitigated provides IT managers an accurate picture of the health of their organization's network. Tenable.sc...
View ArticleEstablishing a Software Inventory
In the event of a security breach, a software inventory is essential to determine what was breached, and who needs to be notified. First responders require a software inventory to perform forensic...
View ArticleRansomware Ecosystem
Ransomware has evolved into an ecosystem with multiple players and an expanded threat model. Ransomware groups now deploy a double extortion technique, where they both encrypt and exfiltrate their...
View ArticleMaintaining Data Protection Controls
Many data protection regulations, such as PCI DSS and HIPAA, levy heavy fines for data breaches of sensitive information. Effective data protection controls are necessary to avoid breaches of...
View ArticleWeb Services
Web applications often have the ability to interface with system functions and critical databases to add or modify data. By design, web applications need to enable customers and users access to this...
View ArticleTenable Web App Scanning Overview
The prevalence of web applications makes them a prime target for cyber criminals. Failure to secure web applications can lead to serious financial and reputational consequences. This report provides...
View ArticleWAS Executive Summary
From e-commerce to online banking, the world is interconnected with web applications. The internet provides a contactless method to conduct office meetings, engage with healthcare professionals, shop,...
View ArticleOWASP Categories
Web application security is a key concern for any organization that develops or uses web applications. The software security community created the Open Web Application Security Project (OWASP) to help...
View Article