Security Boulevard

Get details on this supply chain attack.

The post “Shai-Hulud” npm Attack: What You Need to Know appeared first on Security Boulevard.

Discover how the best bank reconciliation software simplifies audits, ensures compliance, reduces errors, and strengthens financial transparency.

The post How the Best Bank Reconciliation Software Simplifies Audits and Strengthens Compliance appeared first on Security Boulevard.

September marks National Insider Threat Awareness Month, a reminder that some of the biggest security risks to an organization do not come from shadowy external hackers, but from the people already inside the walls. Employees, contractors, and trusted partners all … Read More

The post Insider Threats and the Power of Just-in-Time Privileged Access  appeared first on 12Port.

The post Insider Threats and the Power of Just-in-Time Privileged Access  appeared first on Security Boulevard.

Let's dive in and learn about his drive to expand Sonar's presence in Latin America, what a typical day looks like, and what fuels his passion both in and out of the office.

The post Day in the Life: Expanding Sonar into LATAM as a Country Manager appeared first on Security Boulevard.

For an extended period, cybersecurity has been characterized by the isolated operation of sophisticated tools. While endpoint protection, identity solutions, and network security each fulfill their respective functions, a critical vulnerability emerges when a threat circumvents these individual defenses. A delay often occurs upon the alteration of user behavior or the compromise of a device, creating a crucial communication gap that attackers can exploit.

At Dispersive Stealth Networking, we advocate for security as an integrated intelligence driven network access, rather than a collection of independent efforts. That's why we’re thrilled we’ve just announced our powerful integration with the CrowdStrike Falcon® platform, creating a unified solution that connects endpoint, identity, and network for real-time, proactive cyber defense.

The "Aha!" Moment: From Passive Defense to Active Intelligence

Think of it like this: your traditional security system is like a bouncer at a club with a static guest list. Our new solution is that bouncer with real-time feed from inside the club, updating him on who’s behaving and who’s causing trouble.

Here’s the magic behind it:

• CrowdStrike is the “Eyes and Ears.”The CrowdStrike Falcon platform continuously watches for suspicious activity on endpoints and monitors user identities. It assigns a risk score to every device and user in your network.
• Dispersive is the “Bouncer with a Brain.”Our Continuous Trust Authorization Network receives those risk scores in real time. Instead of just allowing or denying access, it adapts. If a user’s score suddenly jumps because they've tried to access a sensitive file or their device shows signs of compromise, Dispersive can instantly and automatically segment or isolate them from critical resources.

This isn’t just about blocking threats; it’s about predictive containment. We can stop an attack before it spreads, preventing a small incident from becoming a full-blown crisis.

Real-World Story: New American Funding Pilots the Integration

New American Funding (NAF), one of the nation’s leading mortgage lenders, is piloting the Dispersive + CrowdStrike integration to strengthen security without slowing business. In a highly regulated industry where employees, contractors, and vendors all need access to sensitive systems, NAF faced the challenge of enforcing a robust Zero Trust posture while keeping daily operations smooth.

By combining CrowdStrike Falcon’s continuous endpoint and identity risk scoring with Dispersive’s adaptive networking, NAF will be able to gain the ability to dynamically adjust access in real time. If a user or device shows elevated risk, the system can instantly segment or isolate them before lateral movement occurs, all without disrupting legitimate activity.

As Jeff Farinich, SVP of Technology and CISO at NAF, explains: “With Dispersive and CrowdStrike deployed together, we will gain the ability to see and act on user and device risk in real time. We could then provide risk-based access to network resources based on Zero Trust principles. It’s a powerful competitive advantage for us in both security and trust.”

With identity-based segmentation, automatic behavioral access controls, and adaptive authorization, NAF will explore how continuous authorization can transform Zero Trust from a concept into a business enabler.

The Dispersive + CrowdStrike Integration Provides:

• Enforcement of identity-based segmentation: Isolating different groups of users (e.g., employees, contractors, vendors) to prevent lateral movement in the event of a breach.
• The ability to apply automatic behavioral access controls: The system automatically responds to a change in risk, such as a user trying to access an unauthorized application, by restricting their access instantly.

• Strengthened Zero Trust: By providing risk-based access to network resources, clients can enforce a true zero-trust model, ensuring that only trusted users and devices have access to the resources they need, based on their current risk posture.

This result is a significant upgrade to an organization’s defenses, who will be able to proactively protect their systems and data without creating new bottlenecks or disrupting the user experience for legitimate users.

Key Takeaways

The future of cybersecurity isn't about buying more tools; it's about making your existing tools work together smarter. The Dispersive + CrowdStrike integration delivers continuous authorization and real-time containment, eliminating the silos that slow down your security teams and empowers you to respond to threats with unprecedented speed and precision. Organizations gain:

• Real-Time Containment: Stop attacks the moment risk is detected — from alert to isolation without manual delay.
• Identity-Aware Security: Continuous, risk-based access decisions ensure that only trusted users and devices get the right access at the right time.
• Predictive Defense: Prevent lateral movement and impersonation attacks by unifying endpoint, identity, and network intelligence.
• Stronger Zero Trust: Enforce true continuous authorization throughout the user journey, not just at login.
• Operational Simplicity: Automate containment without disrupting legitimate users — giving SOC and IT teams speed and control.

Watch the Demo 

Ready to see how a connected security posture can transform your defense? Explore the integration in the CrowdStrike Marketplace, on our website, or even better - request a demo today!

Header image courtesy of Gerd Altmann from Pixabay.

The post Continuous Authorization in Action: Dispersive+CrowdStrike Integration appeared first on Security Boulevard.

How Morpheus brings trusted cybersecurity frameworks to life through automation and intelligence.

The post Operationalizing NIST and MITRE with Autonomous SecOps appeared first on D3 Security.

The post Operationalizing NIST and MITRE with Autonomous SecOps appeared first on Security Boulevard.

Creators, Authors and Presenters: Silk, Torvik

Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 33: Torvik From Tulip Tree Tech appeared first on Security Boulevard.

The post The Quality Era: How CISA’s Roadmap Reflects Urgency for Modern Cybersecurity  appeared first on AI Security Automation.

The post The Quality Era: How CISA’s Roadmap Reflects Urgency for Modern Cybersecurity  appeared first on Security Boulevard.

Check out the latest enhancements to our CNAPP product, including a more intuitive user experience with customizable dashboards, and stronger workload protection and data security. These improvements are designed to help you personalize workflows and gain deeper visibility across workloads, compliance frameworks and cloud databases.

Key takeaways

1. Tenable Cloud Security is now more personalized and globally accessible with customizable home dashboards and full Japanese language support to streamline user workflows.
    
2. Security visibility has been significantly deepened with new workload protection filters for clusters, expanded compliance support for the latest industry frameworks, and data security scanning for Oracle on AWS RDS.
    
3. The platform empowers security teams to work more efficiently by introducing new tools that help them quickly distinguish active threats from resolved issues and prioritize remediation efforts.

Drumroll, please! Today, we're excited to unpack a set of impactful updates to Tenable Cloud Security. They’re designed to streamline your workflow, expand your global reach and deepen your visibility across workloads, compliance frameworks and data stores. 

We've focused on giving you a more personalized and intuitive experience, so you can focus on your most important goal: reducing risk. With customizable dashboards, expanded language support and new security integrations, these enhancements all aim to make your cloud security team more efficient and effective. 

Let's dive in!

A smoother, more personalized workflow

Speed and focus are critical in cloud security. Spending time navigating interfaces from multiple vendors is a common industry-wide challenge. Our latest usability enhancements tackle this head-on.

• Set Your Default “Home” and “Favorite” Dashboards: You can now set a default “Home” dashboard for an instant, at-a-glance view of your most critical security insights. You can also mark frequently used dashboards as “Favorites” for quick access. This more personalized, adaptive interface lets you customize your workflow, speed up decision-making and reduce workflow friction.
• Hello, Japan! Full Japanese Language Support Is Here: Global security teams need localized tools to work efficiently. We're thrilled to announce that the entire Tenable Cloud Security console and our documentation portal are now fully available in Japanese. This is built on a new localization infrastructure designed to accelerate the rollout of additional languages, positioning us to meet global customer needs faster.

Deeper insights for workload protection

Pinpointing risk in complex, multi-cluster environments is a persistent challenge. Our new cloud workload protection (CWP) enhancements provide the clarity you need to prioritize effectively.

• Identify At-Risk Clusters and Their Vulnerabilities Faster: A new Clusters filter and column provide a unique way to visualize cluster-level vulnerabilities, with optional display for flexibility. This allows teams to be more efficient at identifying at-risk clusters, prioritizing remediation and reducing potential exposure.
• Focus On What’s Active. Now you can display only resolved vulnerabilities In the Workload > Vulnerabilities table. This new “Resolved” filter lets you hide remediated tasks, which saves your analysts time, keeps them focused on the riskiest threats and streamlines vulnerability workflows.

Stay ahead with up-to-date compliance and governance

Industry frameworks and security best practices are constantly evolving. We're committed to helping you stay ahead of the curve and simplify regulatory compliance across your multi-cloud and container environments. Tenable benchmark support now includes these versions:

• AWS Foundational Security Best Practices Standard v1.0.0 (FSBP)
• CIS Microsoft Azure Foundations Benchmark v2.0.0
• CIS Kubernetes Benchmark v1.8.0
• CIS Red Hat OpenShift Container Benchmark v1.5.0

With these updates, you can more easily implement consistent, industry-validated controls to strengthen your security posture.

Extending data security to more cloud databases

You can't protect what you can't see. Blind spots in cloud databases, especially for sensitive data in managed services, are a significant risk. That's why we've expanded our data security posture management (DSPM) scanning capabilities to include AWS RDS for Oracle. This extends your visibility into your sensitive data, improves your compliance posture and boosts your confidence in the data security of your cloud databases.

New resources and research from Tenable

Beyond our product updates, take advantage of these new resources for help in navigating your path toward unified risk reduction.

• New IDC white paper: Explore the intersection of exposure management and cloud security in the new IDC white paper, "Bridging cloud security and exposure management for unified risk reduction," commissioned by Tenable, and read the complementary blog post "Your Map for the Cloud Security Maze."
• Customer spotlight on Snoop: See how fintech customer Snoop is enforcing least privilege with Tenable Cloud Security in a new video and case study.
• New cloud security use cases: We are rolling out detailed use cases showing how Tenable helps you tackle key known challenges. Check out the first two:
  • Ecosystem View of Risk
    • Home page: "Ecosystem View of Cloud Security Risk"
    • Blog: "Breaking Down Silos: Why You Need an Ecosystem View of Cloud Risk"
  • Complete Cloud Lifecycle Visibility
    • Home page: "Get complete cloud risk visibility and SDLC security"
    • Blog: "No More Blind Spots: Achieving Complete SDLC Visibility in a Multi-Cloud World"

Already a customer? Log in to learn how these new features can strengthen your cloud security posture. Not yet using Tenable Cloud Security? Request a demo today.

The post What’s New in Tenable Cloud Security: A More Personalized, Global and Comprehensive Experience appeared first on Security Boulevard.

Every day, thousands of flights cross the skies above the Baltic Sea. Pilots expect their GPS systems to guide them safely through busy air corridors, just as they have for decades. But since Russia’s invasion of Ukraine in 2022, something has changed. Navigation screens flicker with false readings. Aircraft suddenly lose their bearings. Pilots find..

The post The Hidden War Above: How GPS Jamming Exposes Our Digital Vulnerabilities appeared first on Security Boulevard.

In December 2024, we warned against the rapid evolution of adversary tactics, techniques, and procedures (TTPs) in 2025. Our predictions have come true, as cybercriminals leverage millions of dollars in profits to develop new malware technologies and support them with increasingly sophisticated procedures.

The post Adversary TTPs are Rapidly Evolving: What It Means for Your SOC appeared first on Security Boulevard.

The DataDome + TollBit integration is now live. Start detecting, controlling, and monetizing AI traffic on your site in minutes—no dev work required.

The post Now Live: Monetize AI Traffic With DataDome & TollBit Integration appeared first on Security Boulevard.

Palo Alto, California, 18th September 2025, CyberNewsWire

The post Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks appeared first on Security Boulevard.

Wondering what your peers think of exposure management? New reports from the Exposure Management Leadership Council, a CISO working group sponsored by Tenable, offer insights. 

Key takeaways

1. The CISOs who make up the Exposure Management Leadership Council see exposure management as a strategic and game-changing approach to unified proactive security.
    
2. They believe exposure management can help them address a wide variety of challenges, from reporting to the board on cyber risk to AI security, controls monitoring, and driving accountability for vulnerability and exposure remediation.
    
3. To learn how exposure management can address these challenges, check out the inaugural report from the Exposure Management Leadership Council.

If you’re a CISO and you’re like me, you routinely seek your peers’ perspectives on emerging trends and daily challenges. From securing AI to communicating with the board about cyber risk, it’s crucial to know what’s working and what’s not.

With exposure management gaining significant market momentum, you may be wondering if your peers believe there’s any real substance to it.

The answer is a resounding yes. For proof, check out the perspectives of top security leaders who make up the Exposure Management Leadership Council, a working group dedicated to developing and advancing principles and best practices for exposure management.

The Exposure Management Leadership Council functions as a confidential, vendor-neutral forum where senior leaders can share candid insights and practical strategies for managing enterprise-wide exposure. As the Council’s sponsor, Tenable organizes quarterly meetings (which I facilitate), synthesizes meeting discussions into reports and shares these reports industrywide for the benefit of as many security practitioners as possible.

Because Council meetings operate under the Chatham House Rule to foster trust and openness, we don’t attribute any direct quotes or paraphrased statements to specific Council members.

What are CISOs saying about exposure management?

“Exposure management is extremely important for us. We have a very high threat profile and tend to be targeted heavily by advanced persistent threat groups.”

— Member of the Exposure Management Leadership Council

CISOs see exposure management as a solution to the boardroom communication gap

“Exposure management can shift the cyber conversation in the boardroom and make it more strategic.”

— Member of the Exposure Management Leadership Council

Council members believe exposure management can improve their ability to answer the following cyber-related questions that their boards of directors truly care about:

• How much cyber risk is the organization carrying?
• Does it exceed our appetite?
• What’s the potential business impact of this risk?
• What are the most critical areas to address?
• What’s the cost of inaction, and which risks are we willing to accept?

Exposure management enables CISOs to shift from reporting on siloed security operations metrics to communicating a clear, unified and business-driven view of an organization’s end-to-end cyber exposure. Council members see the potential for exposure management to help them create a standardized, repeatable and defensible process for measuring and reporting on risk — something akin to a cyber version of the accounting industry’s generally accepted accounting principles (GAAP).

To learn how exposure management can elevate board-level discussions of cyber risk, see the Exposure Management Leadership Council report, “Board Meetings and the Dreaded Cyber Risk Update: A Use Case for Exposure Management.”

How do CISOs distinguish between exposure management and vulnerability management?

Prioritizing vulnerabilities and driving accountability for remediation remains a challenge for many CISOs, according to the discussion that took place during the first Council meeting (see the executive summary). They bemoan the inadequacies of relying on CVSS scores alone for prioritization.

While exposure management, by definition, expands the scope of security issues that remediation teams need to address beyond traditional software vulnerabilities, it’s simultaneously designed to unify and enhance risk scoring and prioritization. By taking into account CVSS scores, EPSS data, threat intelligence and business and technical context, exposure management can make it easier for security teams to convince remediation owners to fix the highest-risk exposures — those toxic combinations of vulnerabilities, misconfigurations and excessive permissions that can have significant operational impact when exploited.

The really juicy part of exposure management is that it provides context.

— Member of the Exposure Management Leadership Council

What other use cases for exposure management are CISOs considering?

Council members see AI security and controls monitoring as additional use cases for exposure management. They regard AI as both a new attack surface their security teams need to monitor and a powerful threat vector. They’re concerned about data leaks and threat actors leveraging AI to execute more stealthy and pernicious attacks. Consequently, they recognize the need for exposure management programs to address the rapidly expanding AI attack surface.

Similarly, they see exposure management as a potential solution to yet another challenge: monitoring the effectiveness of their security controls. What makes controls monitoring so difficult, they say, is inadequate attack surface management and visibility:

"What good is saying that you’re 95% compliant with your internal cybersecurity controls if that 95% is based on just 10% of known assets?”

— Member of the Exposure Management Leadership Council

More to come from the Exposure Management Leadership Council

The Exposure Management Leadership Council will continue to meet quarterly and work toward its long-term goal of establishing principles, best practices, policies and frameworks for exposure management. Stay tuned for future reports and updates as we work together to advance exposure management into a strategic discipline.

The post How Top CISOs Approach Exposure Management in the Context of Managing Cyber Risk appeared first on Security Boulevard.

When you use hardened containers with a superior Java runtime, you give your development teams a competitive advantage.

The post Use These Security Best Practices for Hardened Containers and Java appeared first on Azul | Better Java Performance, Superior Java Support.

The post Use These Security Best Practices for Hardened Containers and Java appeared first on Security Boulevard.

The post Why File Sanitization for Retail Matters appeared first on Votiro.

The post Why File Sanitization for Retail Matters appeared first on Security Boulevard.

Navigating the Landscape of Cybersecurity: Do NHIs Hold the Key? Are you searching for a stress-free solution to safeguard your organization’s data? Understanding the intricacies of Non-Human Identities (NHIs) and Secrets Security Management can offer immense value, providing a promising pathway to achieving NHI security relaxation. Understanding NHIs: The Unseen Protectors What lurks beneath often […]

The post How NHIs Can Help You Relax About Security appeared first on Entro.

The post How NHIs Can Help You Relax About Security appeared first on Security Boulevard.

How Can We Achieve Better NHI Security? Cloud environment security is an integral part of cybersecurity strategies for businesses operating across financial services, healthcare, travel, and more. How can organizations unlock improved results and ensure robust Non-Human Identities (NHIs) security? A strategic approach to NHI management can bridge the gap between security and research & […]

The post Getting Better Results from NHI Security appeared first on Entro.

The post Getting Better Results from NHI Security appeared first on Security Boulevard.

Cybersecurity is a race against time. Every day, businesses face sophisticated threats designed to exploit the smallest vulnerabilities. Among the most dangerous of these are Zero Day Malware attacks — malicious software that targets unknown flaws before vendors or defenders even know they exist. Zero day malware represents the pinnacle of stealth and danger. Unlike

The post Zero Day Malware appeared first on Seceon Inc.

The post Zero Day Malware appeared first on Security Boulevard.

Step-by-step guide to migrate from Akamai Identity Cloud to MojoAuth before shutdown. Ensure secure, seamless CIAM migration today.

The post Step-by-Step Migration Guide from Akamai Identity Cloud to MojoAuth appeared first on Security Boulevard.