Insights

In today's digital-first world, cloud security is more critical than ever. Microsoft Defender for Cloud Apps (MDCA) offers a comprehensive and intelligent solution for securing cloud environments. At Integrity360, we help organisations harness its full potential. From tailored implementation and integration to ongoing monitoring, compliance management, and optimisation, our managed services ensure your cloud infrastructure is secure, compliant, and resilient against threats.

Fortinet –  CVE-2024-23113 (CVSS score: 9.8)

This vulnerability was initially published on 08 February 2024.

Data security is and will always be one of the top priorities for every organisation. It’s not just a valuable asset - it’s high-risk and often the primary target for threat actors. The risk of exposure has grown significantly as data moves into cloud apps. Consider this: according to the 2024 AppOmni State of SaaS Security Report, 30% of 644 organisations surveyed suffered a data breach in their SaaS applications last year

Organisations across Europe are bracing for the full implementation of the NIS2 Directive (Network and Information Systems Directive 2). This updated legislation, which strengthens the security requirements for critical infrastructure, will become applicable by 18th October 2024. While it is an EU directive, its impact extends beyond the EU borders, affecting UK-based companies as well, despite the UK no longer being an EU member. 

In the fast-paced realm of cyber security, it's easy to assume that as new technologies emerge, the old ones fall away. Does this really apply to Cloud Security Posture Management (CSPM), with some questioning whether it's still relevant. Is CSPM dead, as some would suggest, or has it simply evolved into a more complex form? The short answer: CSPM is very much alive, but it now operates within a broader framework. Let’s explore what CSPM was designed to do, how it’s now integrated into Cloud-Native Application Protection Platforms (CNAPP), and why it remains the foundation for many of your cloud security challenges. 

In today's digital world, cyber security threats evolve at an alarming rate, making it increasingly difficult for businesses to keep up. Traditional methods such as Penetration Testing or Red Team Testing are often limited to one-off or periodic engagements, which while essential and valuable, may leave gaps in continuous visibility of exposure. This is where Continuous Threat Exposure Management (CTEM) steps in, offering a proactive, cyclical approach to ensure businesses are always ahead of the curve.  

Overview: A newly reported vulnerability in the Common Unix Printing System (CUPS) poses a significant security threat to UNIX-based systems, including Linux and macOS. Security researcher Simone Margaritelli has published the first of a series of blog posts detailing the issue, which can be exploited by sending a specially crafted HTTP request to the CUPS service. This vulnerability allows remote attackers to gain access to affected systems and execute arbitrary code, potentially escalating privileges and compromising critical assets.

The constant influx of CVEs (Common Vulnerabilities and Exposures) can make it difficult for businesses to keep up, leaving critical assets at risk. Added to this, organsations also have to deal with many other types of exposures, such as inappropriate identity permissions, or cloud platform misconfigurations. To address this challenge, Integrity360 is now offering Continuous Threat Exposure Management (CTEM) as a Service, providing organisations with a comprehensive solution to identify, prioritise, and manage the greatest risks to their critical assets, whether on-premises, in the cloud, or in a hybrid environment. 

New service addresses the resource gap that can result from CTEM

The Internet of Things (IoT) has transformed the way we connect and interact with technology, enabling devices from smart thermostats to industrial machinery to communicate seamlessly over the internet. However, with this connectivity comes a unique set of challenges in securing these devices and ensuring they aren't a gateway for cyberattacks. This is where IoT penetration testing comes in. 

The legal sector has seen a dramatic 77% increase in successful cyber attacks over the past year, with incidents rising from 538 in 2022/23 to 954 in 2023/24. This rise is largely due to the sensitive and valuable nature of the information that law firms hold, making them prime targets for cybercriminals.

In today’s fast-paced and technology-driven world, having a robust Business Continuity Plan is crucial. However, a Business Continuity Plan is not complete without a strong focus on integrating threat detection and response mechanisms. In this blog, we'll explore why integrating threat detection and response is essential and how to effectively incorporate it into your Business Continuity Plan.