Attack surface management

Design lessons from PyPI's Quarantine capability, effective ways for appsec to approach phishing, why fishshell is moving to Rust component by component (and why that's a good thing!), what behaviors the Cyber Trust Mark might influence, and more!

We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks that helped create MITRE ATT&CK and ATT&CK evaluations, Frank has been working on how best to define and communicate attack language for many years now. The company he founded, Tidal Cyber is in a unique position to both leverage what MITRE ha...

SecurityWeek reports that Rockwell Automation has issued fixes for a trio of critical flaws impacting Allen-Bradley PowerMonitor 1000 instances, which could be leveraged to infiltrate and disrupt industrial systems.

Semperis’ Hybrid Identity show kicks off with a Microsoft mea culpa, hospital war games and an appeal for a coalition of the willing among cyber defenders.

Using simple prompts, the AI-powered tool generates tailored scenarios that address varied cyberattack types such as ransomware and supply chain threats, enabling security teams to prepare for specific threat actors and industry-related risks.

Guessing the answer is yes. Well, let's talk about some of the simple ways you can avoid account compromises by strengthening your identity security through MFA, least privilege, account reviews, and all the things! This segment is sponsored by CyberArk. Visit https://cisostoriespodcast.com/cyberark to learn more about them! This segment is spon...

Here's how managed security services, including MDRs and MSSPs, provide proactive protection such as vulnerability management and attack surface management.