unSafe.sh - Unsafe
A New Standard for SaaS Security: Reducing Risk and Complexity
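SaaS platforms have become critical to organizations but face growing security threats. A standardized approach is proposed to address inconsistency and vulnerabilities, with a framework developed in collaboration with industry experts to improve overall security. The public is invited to take part in shaping the standard and help build a safer digital environment...
2025-3-28 13:0:0 | Views: 18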
GuidePoint Security - www.guidepointsecurity.com
security
romke
cloud
initiatives
haan
Aligning Cybersecurity and Third-Party Risk Management with Business Goals
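The article discusses the importance of cybersecurity and third-party risk management, stressing that they must align with business goals to gain support, and that effective communication and integrated processes drive positive change...
2025-3-25 13:0:0 | Views: 5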
GuidePoint Security - www.guidepointsecurity.com
treatment
likelihood
security
Rethinking Risk: ICS & OT Security with Purdue 2.0 and GRC
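The article discusses the widespread use of XIoT in industrial, healthcare and other sectors, and the efficiency gains and security risks it brings. As OT and IT systems converge, attackers can more easily exploit vulnerabilities. The traditional Purdue model has limitations in modern interconnected environments; Purdue 2.0 introduces new strategies such as zero trust, real-time threat detection and cloud/XIoT integration to address complex threats...
2025-3-18 13:0:0 | Views: 32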
GuidePoint Security - www.guidepointsecurity.com
security
purdue
threats
Fortifying OT/ICS: Building Resilience and Business Continuity in a Cyber Threat Era
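The article stresses the importance of cybersecurity governance in responding to increasingly complex cyber threats, particularly in industrial control systems (OT). With ransomware attacks rising and IT/OT systems deeply converging, organizations need to respond by strengthening governance frameworks, improving risk assessment capabilities and investing in security technology...
2025-3-11 13:0:0 | Views: 5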
GuidePoint Security - www.guidepointsecurity.com
security
operational
threats
governance
grc
Breaking Basta: Insights from Black Basta’s Leaked Ransomware Chats
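This article analyzes the leaked chat logs of the Black Basta ransomware group (September 2023 to September 2024), revealing that the group obtained about $38 million in ransom through cryptocurrency wallets and used ZoomInfo to assess victims' revenue when setting ransoms. They used ChatGPT for social engineering attacks and relied on public vulnerability PoCs to carry out intrusions...
2025-3-6 18:7:19 | Views: 9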
GuidePoint Security - www.guidepointsecurity.com
basta
wallets
chats
security
Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear
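GRIT reports receiving multiple suspicious letters claiming to come from the BianLian ransomware group, threatening to leak corporate data and demanding ransom. The letters contain Bitcoin payment information and a QR code. Analysis shows many red flags: delivery by post, a language style that does not match, already-known Tor links, and so on. GRIT assesses this as a scam with no real intrusion activity...
2025-3-4 16:17:6 | Views: 7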
GuidePoint Security - www.guidepointsecurity.com
letter
letters
bianlian
network
ransomware
Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates
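This article discusses proposed changes to the Security Rule of the U.S. Health Insurance Portability and Accountability Act (HIPAA). Most regulated entities have failed to implement risk analysis and risk management correctly. The new rule requires more comprehensive risk analysis, a clearly defined scope, identification of threats and vulnerabilities, and adoption of industry-standard frameworks to strengthen safeguards...
2025-3-4 14:0:0 | Views: 5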
GuidePoint Security - www.guidepointsecurity.com
analysis
security
ephi
nprm
proposed
Untangling AWS Networks with Cloud WAN
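The article discusses the network complexity enterprises face as they scale, especially the challenges of multi-account management, identity and access management, and network architecture. AWS Cloud WAN simplifies cross-region and multi-account connectivity through automated deployment and a unified global network layer, and provides centralized control and visualization. It consolidates shared services such as NAT gateways and VPC endpoints, reducing duplication and improving security and efficiency...
2025-2-25 14:0:0 | Views: 7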
GuidePoint Security - www.guidepointsecurity.com
vpc
network
cloud
segments
vpcs
GRIT’s 2025 Report: Ransomware Group Dynamics and Case Studies
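The article discusses the evolving ransomware threat and the changing strategies of the major groups. RansomHub expanded rapidly, LockBit suffered clear setbacks, and Play kept a low profile. The Qilin and BlackSuit cases reveal the importance of advanced techniques and data threats. Security teams need to strengthen monitoring and defensive measures...
2025-2-18 14:0:0 | Views: 8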
GuidePoint Security - www.guidepointsecurity.com
ransomware
ransomhub
qilin
security
threats
Proposed Changes from the HHS to HIPAA Security Rule
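In December 2024 the U.S. Department of Health and Human Services (HHS) proposed rules to amend the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA). The new rule adds term definitions and several requirements, including implementing technical controls, regularly reviewing and updating the technology asset inventory and network map, and strengthening vulnerability management and multi-factor authentication, and it sets specific time limits to improve compliance and security...
2025-2-11 14:30:0 | Views: 10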
GuidePoint Security - www.guidepointsecurity.com
security
proposed
guidepoint
dan
ephi
GRIT’s 2025 Report: Annual Vulnerability Analysis and Exploitation Trends
February 4, 2025. 2024 saw an unprecedented surge in vulnerability disclosures, with over 3...
2025-2-4 14:0:0 | Views: 6
GuidePoint Security - www.guidepointsecurity.com
security
addressing
attackers
catalog
Ongoing report: Babuk2 (Babuk-Bjorka)
January 29, 2025. Editor’s note: We will continue to provide updates as further information...
2025-1-29 14:0:0 | Views: 9
GuidePoint Security - www.guidepointsecurity.com
ransomware
dls
grit
victim
claims
GRIT 2025 Report: Post-Compromise Detection Strategies
January 28, 2025. This blog marks the beginning of a series based...
2025-1-28 14:0:0 | Views: 9
GuidePoint Security - www.guidepointsecurity.com
ransomware
attackers
actionable
powershell
threats
OT/ICS Security: Beyond the Easy Button
January 23, 2025. In the world of Operational Technology (OT) and Industrial Control...
2025-1-23 14:0:0 | Views: 6
GuidePoint Security - www.guidepointsecurity.com
security
grc
governance
strategic
oversight
Unveiling the GRIT 2025 Ransomware and Cyber Threat Report
January 16, 2025. The ransomware landscape is shifting, and under...
2025-1-16 11:30:0 | Views: 10
GuidePoint Security - www.guidepointsecurity.com
ransomware
matters
industries
surge
expanding
RansomHub Affiliate leverages Python-based backdoor
January 15, 2025. In an incident response in Q4 of 2024, GuidePoi...
2025-1-15 21:53:41 | Views: 15
GuidePoint Security - www.guidepointsecurity.com
python
c2
guidepoint
proxy
tunnel
Considerations for a Balanced Critical Infrastructure Security Strategy
January 7, 2025. With the Presidential administration changeover happening soon, the...
2025-1-7 14:0:0 | Views: 6
GuidePoint Security - www.guidepointsecurity.com
security
innovation
sectors
chris
water
The Critical Need for Multi-Role Testing in Application Security
December 19, 2024. As web, thick client, mobile, and IoT applications have become mo...
2024-12-19 14:0:0 | Views: 10
GuidePoint Security - www.guidepointsecurity.com
client
identify
privileged
identifiers
CMMC Is Here – Are You Ready? (Better Late Than Never)
December 16, 2024. Well, the day(s) some people said would never come are here:...
2024-12-16 14:0:0 | Views: 11
GuidePoint Security - www.guidepointsecurity.com
cmmc
security
c3pao
dod
guidepoint
Understanding and Taking Advantage of the NYDFS Risk Assessment Requirement
2024-12-11 22:0:0 | Views: 7
GuidePoint Security - www.guidepointsecurity.com
nydfs
security
treatment
regulation