Security Researcher Sahad Nk recently discovered a string of webapp vulnerabilities in Microsoft (Office & Live Login System), that could allow an attacker to easily gain access to organizations emails and data on Office. Though individually the vulnerabilities were not severe, but when connected together could lead to critical data loss.… Read More
A recently disclosed data leak impacts around 700,000 AmEx India customers, exposing Personally Identifiable Information (PII) like Names, Emails & Telephone numbers. This leak highlights the perils of Shadow IT, and why organizations should look into building a continuous digital risk monitoring program. Here’s a brief on what you need to know:
What Was Exposed?… Read More
Digital Footprint is the information about the organization that exists on the Internet as a result of their online activity. Organizations’ digital footprints are expanding and changing at a formidable rate. Employees, suppliers and other third-parties are exposing sensitive information without their knowledge. This sensitive data can leave organizations exposed and are used by attackers to exploit organizations.… Read More
Many organizations have hundreds of vendors and the Third-Party risk exposure is one of the biggest threats. Most of the organizations depend upon partners, vendors, suppliers, contractors and other third-parties for day-to-day operations. Each of them presents some potential risk to the organization.
Third-Party Risk Management programs helps in assessing the cybersecurity of vendors/3rd parties that handle an organization’s sensitive data or have access to internal IT systems.… Read More
Shadow IT refers to IT applications and infrastructure that are managed and utilized without the knowledge of the enterprise’s IT department. Shadow IT risks exists in most organizations but most IT leaders and CISOs underestimate about its reach. In this blog, we will uncover the important facts that every business leader should understand about Shadow IT. … Read More
Domain hijacking is the act of changing the domain name registration without the original Registrant’s permission, or by abuse of privileges on domain hosting and registrar software systems. It is a form of theft that takes place online, where the thief/attacker takes access of a domain without the consent of the domain registrant.… Read More
Credential stuffing is a method that hackers use to infiltrate a company’s system by automated injection of breached username & password pairs. Attackers use credentials to bypass anti-spam and firewall devices and access users accounts. Once they were inside the company network, they can send phishing emails or compromise company systems/data.… Read More
Shadow IT threats involves pushing back on any initiatives that try to bypass IT and fighting the line of business managers for ownership of these projects. Shadow IT opportunity involves transforming shadow IT into official line-of-business shortcuts and becoming the corporate champion of innovative initiatives. Below are a few ways one could looks at Shadow IT as an opportunity.… Read More
Shadow IT refers to IT applications and infrastructure that are managed and utilized without the knowledge of the enterprise’s IT department. Shadow IT risks exists in most organizations but most IT leaders and CISOs underestimate about its reach.
Problems: Shadow IT will open up to many security risks of business such as enterprise security risks, data privacy risks and compliance risks.… Read More