CyberSecurityBoard
Sponsor Register Login

Risk & Repeat: Inside the Microsoft SFI progress report | TechTarget

But will the changes be enough to prevent a repeat of the Storm-0558 attack? How much technical debt is Microsoft facing in its effort to improve security? What does the SFI progress report say about the current state of SecOps? TechTarget editors Rob Wright and Beth Pariseau discuss those questions and more on this episode of the Risk & Repeat podcast. Microsoft last week released the first progress report for its Secure Future Initiative, which outlined several changes the tech giant has made to its security posture this year. The CSRB report slammed Microsoft for numerous security failures that allowed a Chinese nation-state threat group known as Storm-0558 to breach the company and gain access to email accounts of 22 customer organizations, including several federal agencies. The SFI progress report highlighted changes Microsoft made to bolster security around its engineering systems, employee identities, tenants and production systems. The first Secure Future Initiative progress report highlighted improvements to Microsoft's security posture. Microsoft's SFI was launched last November and further expanded this spring following a scathing report from the Department of Homeland Security's Cyber Safety Review Board.

This Cyber News was published on www.techtarget.com. Publication date: Tue, 01 Oct 2024 16:43:06 +0000


Cyber News related to Risk & Repeat: Inside the Microsoft SFI progress report | TechTarget

Microsoft SFI progress report elicits cautious optimism | TechTarget - "After a year, it looks like Microsoft has made some smart and substantive initial progress in elevating security across the whole organization: investment in security-focused head count, inclusion of security into performance reports across the ...
1 month ago Techtarget.com
Risk & Repeat: Inside the Microsoft SFI progress report | TechTarget - But will the changes be enough to prevent a repeat of the Storm-0558 attack? How much technical debt is Microsoft facing in its effort to improve security? What does the SFI progress report say about the current state of SecOps? TechTarget editors ...
1 month ago Techtarget.com
Microsoft security overhaul offers blueprint for SecOps | TechTarget - 23, nearly a year after Microsoft kicked off the initiative in response to a scathing report from the U.S. Department of Homeland Security's Cyber Safety Review Board about a "cascade of security failures" that led to a breach of email systems ...
1 month ago Techtarget.com
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
Master Security by Building on Compliance with A Risk-Centric Approach - In recent years, a confluence of circumstances has led to a sharp rise in IT risk for many organizations. That's why a proactive approach to seeing, understanding, and acting on risk is key to improving the effectiveness of defenses in place to meet ...
10 months ago Cyberdefensemagazine.com
16 top ERM software vendors to consider in 2024 - Enterprise risk management software helps organizations identify, mitigate and remediate business risks, which can lead to improved business performance. The risk management market is rapidly evolving from separate tools across different risk domains ...
10 months ago Techtarget.com
MoveIt Transfer vulnerability targeted amid disclosure drama - Another vulnerability in Progress Software's MoveIt Transfer product is under attack amid an apparent leak of flaw. In security alerts published on Tuesday, Progress detailed two critical improper authentication vulnerabilities, one tracked as ...
4 months ago Techtarget.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
9 months ago Darkreading.com
Key Takeaways from the Gartner® Market Guide for Insider Risk Management - Insider risk incidents are on the rise and becoming more costly to contain. As a result, earlier this year, Gartner predicted that 50% of all medium to large enterprises would adopt insider risk programs. The report reveals several key findings about ...
11 months ago Securityboulevard.com
Key elements for a successful cyber risk management strategy - In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. Nathaniel ...
10 months ago Helpnetsecurity.com
A Cybersecurity Risk Assessment Guide for Leaders - Now more than ever, keeping your cyber risk in check is crucial. In the first half of 2022's Cyber Risk Index, 85% of the survey's 4,100 global respondents said it's somewhat to very likely they will experience a cyber attack in the next 12 months. ...
1 year ago Trendmicro.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
11 months ago Microsoft.com
Critical Start Implements Cyber Risk Assessments With Peer Benchmarking and Prioritization Engine - PRESS RELEASE. PLANO, Texas, Jan. 11, 2024 /PRNewswire/ - Today, Critical Start, a leading provider of Managed Detection and Response cybersecurity solutions and pioneer of Managed Cyber Risk Reduction, announced general availability of Critical ...
10 months ago Darkreading.com
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
5 months ago Cisa.gov
Three Things to Know About the New SEC Rules on Sharing Information and Breach Disclosure Deadlines - Recently, the Securities and Exchange Commission adopted rules about the handling and reporting of cyber risks and breaches. With these new guidelines and regulations, public companies and organizations must disclose cybersecurity incidents ...
9 months ago Cyberdefensemagazine.com
How to Complete an IT Risk Assessment - An effective security strategy needs to put managing risk at the heart of its approach. An IT risk assessment process is used by organizations to identify and prioritize the most pressing risks to their IT environment. Naturally, it focuses on IT ...
11 months ago Heimdalsecurity.com
Third-Party Security Assessments: Vendor Risk Management - As businesses rely more heavily on external vendors to provide critical services and support, the importance of effective vendor risk management strategies becomes paramount. This article explores the significance of third-party security assessments, ...
9 months ago Securityzap.com
The ONE Thing All Modern SaaS Risk Management Programs Do - Reducing SaaS risk is, without a doubt, a difficult challenge. Gaining visibility into all the SaaS apps used across an enterprise is hard enough, but it becomes an even greater challenge when only a portion of the apps go through the company's ...
7 months ago Securityboulevard.com
MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers - Attackers appear to be pounding away at a couple of critical bugs that Progress Software disclosed this week in its MOVEit file transfer application, with nearly the same ferocity as they did the zero-day flaw the company disclosed almost exactly a ...
4 months ago Darkreading.com
Exploiting an API with Structured Format Injection - Even today, we continue to see abuse of tainted data taking out the apps and infrastructure we use daily. While input validation is improving in frontend web apps, it's not uncommon to bypass this altogether and go straight to attacking the APIs. ...
10 months ago Securityboulevard.com
What Are the 6 Types of Risk Assessment and How Do They Work? - Risk assessment is a tool used to help quantify potential risks in a certain situation. It can be used in many different scenarios, including business operations, financial decisions, and also cybersecurity. A risk assessment helps you identify areas ...
1 year ago Thehackernews.com
How to Do a Risk Analysis Service in a Software Project - Software projects are vulnerable to countless attacks, from the leak of confidential data to exposure to computer viruses, so any development team must work on an effective risk analysis that exposes any vulnerabilities in the software product. A ...
11 months ago Feeds.dzone.com
The Cyber Risk Nightmare and Financial Risk Disaster of Using Personal Messaging Apps in The Workplace - This practice, which is unfortunately still widespread in an environment of relentless cyberattacks, is fraught with major cyber and financial risk. Unsecure messaging apps are a gateway for cybercriminals to access, expose and exploit an ...
10 months ago Cyberdefensemagazine.com
Meet the Cisco Security Risk Score - In April 2023, we rebranded our risk-based vulnerability management solution, Kenna. Effective immediately, the Kenna Risk Score is renamed to the Cisco Security Risk Score. VI is renamed to Cisco Vulnerability Intelligence, and Kenna. To strengthen ...
11 months ago Feedpress.me
CISOs Need to Take a Holistic Approach to Risk Management - Although the traditional approach to cybersecurity typically revolves around mitigating threats and vulnerabilities, these tactics are no longer enough to protect businesses effectively. There is now a need for a more comprehensive, holistic approach ...
10 months ago Feeds.fortinet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)