Dec 30, 2026Ravie LakshmananMalware / Cyber Espionage The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting… Read More "Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor"
First-party cyber insurance refers to coverage for the business’s direct losses and expenses after a cyberattack, such as lost revenue, public relations support, and costs related to the recovery of lost data. Meanwhile, third-party cyber insurance is liability coverage that… Read More "6 cyber insurance gotchas security leaders must avoid"
In cryptography, encryption is the process of encoding information or sensitive data so only authorized parties can access it. Encryption does not itself prevent interference and man-in-the-middle attacks, but denies intelligible content to the interceptor. How Does Encryption Work? In an encryption scheme, the… Read More "What is Encryption? | UpGuard"
“You have to patch what needs to be patched, not just what can be patched,” Moody added. “You don’t have 30 days to do testing, plan down time. You no longer have the luxury of saying, ‘We’re going to push… Read More "Patch Tuesday 2025 roundup: The biggest Microsoft vulnerabilities of the year"
.jpg?w=1140&resize=1140,855&ssl=1 "Free GDPR Vendor Security Questionnaire Template (2025 Edition)")
The European Union’s (EU’s) General Data Protection Regulation (GDPR) is one of the world’s most robust data privacy laws. The regulation requires all organizations that do business in the EU or collect data from EU residents to comply with various… Read More "Free GDPR Vendor Security Questionnaire Template (2025 Edition)"
Da Mitarbeitende heutzutage mobiler denn je sind, rückt das Thema Endpoint Security stärker in den Fokus der Netzwerksicherheit und muss in das Cybersicherheitskonzept integriert werden. „Um eine starke Endpunktsicherheit zu gewährleisten, sollten Unternehmen einen umfassenden, mehrschichtigen Ansatz verfolgen, der alle… Read More "Sieben Anzeichen dafür, dass Ihr Cybersecurity-Framework überarbeitet werden muss"
The European Union Agency for Cybersecurity (ENISA) published its Risk Management Standards report on March 16, 2022. The report’s primary objective was to produce an organized overview of all published standards that address aspects of risk management. Subsequently, ENISA aimed… Read More "An Overview of ENISA’s Risk Management Standards Report"
Today’s rapidly evolving digital world requires organizations to build a robust cybersecurity plan to safeguard internal infrastructures and oversee third-party vendors’ cyber health. The Essential 8 is a cybersecurity framework developed by the Australian Signals Directorate designed to help organizations… Read More "Meeting the Third-Party Requirements of the Essential Eight"
A post-data breach questionnaire is essential for evaluating the impact of a third-party breach on your organization. This due diligence also ensures complaints with expanding data breach protection standards sweeping across government regulations. This post outlines a template to inspire… Read More "Vendor Post-Data Breach Questionnaire (Free Template)"
If you’re considering partnering with a service provider, it’s essential also to consider the security risks they could introduce to your organization. In this post, we outline the primary cybersecurity risks associated with service providers and provide tips for managing… Read More "Evaluating & Managing Service Provider Security Risks"
