unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Search
Rss
黑夜模式
Incident Response: Can Your Organization Survive the Next Cyber Crisis?
GuidePoint Security推出新的服务IRMA(事件响应成熟度评估),帮助组织衡量和提升其网络安全事件应对能力。该服务通过全面评估组织在预防、检测、响应和恢复方面的表现,提供定制化的成熟度分析和改进计划,助力企业建立更强大、更具韧性的事件响应体系。...
2025-6-10 13:0:0 | 阅读: 14 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
maturity
irma
clarity
roadmap
resilient
When to Call for Backup: How to Know It’s Time for IR Support
文章探讨了在安全事件中何时应寻求外部支持的重要性。面对复杂威胁如勒索软件或关键系统受损时,引入专业团队可加速响应并减少损失。内部团队需评估自身能力,并提前规划好升级机制和合作伙伴关系。...
2025-6-4 16:0:0 | 阅读: 20 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
security
containment
blake
guidepoint
consultant
Tabletop to Real World: Turning Incident Response Exercises into Operational Readiness
桌面演练是安全准备的关键步骤,但其价值在于后续改进与持续实践。通过分析问题、更新流程和定期演练,团队能提升响应能力,确保在真实事件中做好准备。...
2025-5-30 16:0:0 | 阅读: 21 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
exercises
simulations
security
readiness
tabletop
How Mature Is Your Identity and Access Management Program?
身份威胁频发且复杂化,超七成数据泄露源于身份攻击。研究显示多数组织在身份与访问管理(IAM)成熟度上仍显不足,面临手动流程依赖、技术投入不足及资源短缺等挑战。高绩效组织通过采用自动化及先进工具显著提升安全性。建议企业优先投资IAM技术并加强政策整合以应对威胁。...
2025-5-29 11:0:0 | 阅读: 12 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
security
maturity
processes
guidepoint
pam
You’ve Contained the Threat — What Comes Next? From Recovery to Lessons Learned
文章强调了网络安全事件发生后恢复和后续审查的重要性。通过系统验证、信任重建和持续改进,组织能够从事件中恢复并增强长期弹性。...
2025-5-22 13:0:0 | 阅读: 12 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
security
restoring
restoration
containment
blake
Navigating Incident Response Documentation
文章介绍了网络安全中的三个关键文档:Incident Response Plan(IRP)、Playbook 和 Runbook。IRP 是战略蓝图,定义整体应对策略;Playbook 提供战术指导;Runbook 提供详细操作步骤。三者协同工作,帮助组织快速响应安全事件、减少损失并适应威胁变化。案例显示完善这些文档可显著提升响应效率和团队信心。...
2025-5-15 13:0:0 | 阅读: 7 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
playbooks
runbooks
playbook
strategic
ransomware
Bridging the Gap: How a Controls-Focused Cybersecurity Program Aligns SEC Rules with Daily Operations
美国证券交易委员会(SEC)加强网络安全披露规则,要求企业保护数字资产并展示网络安全在业务中的整合。基于控制的策略帮助组织将监管要求转化为日常行动,并通过清晰文档确保合规性和战略执行。...
2025-5-13 13:0:0 | 阅读: 11 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
security
governance
operational
regulatory
Interesting Interlock Intrusion: How Interlock Achieves Encryption
本文描述了一起由Interlock勒索软件团伙发起的 ransomware 攻击事件。攻击者通过 SocGholish 恶意软件和 NetSupportRAT 获取目标网络的持久访问权限,并利用 AZCopy 工具将敏感数据外泄至 Azure 云存储。随后部署 Interlock 加密器导致大量文件被加密并生成勒索信息。...
2025-5-8 13:0:0 | 阅读: 10 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
roaming
0nenote
remote
windows
Are You Using CNAPP to Its Full Potential, or Just Paying for It?
文章指出云原生应用保护平台(CNAPP)虽有潜力统一云安全防护,但多数企业仅使用部分功能,导致资源浪费和风险暴露。原因包括缺乏专业知识、培训不足及工具过载等。建议分阶段启用、跨部门协作并设定实际目标以最大化平台价值。...
2025-5-6 13:0:0 | 阅读: 8 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
cnapp
cloud
security
enablement
guidepoint
The Power of Women in Cybersecurity: Mentorship, Community, and Rising Together
这篇文章探讨了网络安全领域女性面临的挑战与机遇。通过国际妇女节的小组讨论,两位专家分享了如何通过导师制、社区支持和个人品牌建设在该领域取得成功。她们强调技术背景并非唯一途径,并鼓励女性利用行业会议、在线论坛和专业组织扩展人脉。文章旨在激励更多女性进入这一领域,并通过合作促进性别平等。...
2025-5-5 22:30:0 | 阅读: 9 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
lauren
mentorship
peggy
guidepoint
Wiz on Cloud Security in 2025: Navigating the Future of Cyber Threats and Defense
文章探讨了云环境中新型勒索攻击的案例,攻击者通过窃取敏感数据而非加密文件进行威胁。调查揭示了身份验证绕过、密钥窃取及配置错误应用作为攻击入口,并强调数据管理、日志记录及IAM安全的重要性。...
2025-4-24 13:0:0 | 阅读: 9 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
cloud
attacker
attackers
security
threats
AI is Here: 10 Reasons Your Governance Plan Should Be Too
文章强调了人工智能(AI)在商业中的巨大潜力及其广泛应用带来的安全、隐私和合规风险。GuidePoint Security推出了一套AI治理解决方案,旨在帮助组织建立监督机制和控制措施以安全高效地使用AI。文章列举了十个理由说明为何现在需要重视AI治理,包括识别影子AI工具、满足监管要求、减少风险敞口等。...
2025-4-17 10:15:0 | 阅读: 5 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
governance
security
gaps
oversight
readiness
Insights from the GRIT 2025 Q1 Ransomware & Cyber Threat Report
勒索软件激增,Q1报告指出受害者创新高(2,063人),活跃勒索团伙增长56%。非营利和教育机构攻击显著增加(分别增长106%和16%),制造业和医疗保健仍是重点目标。漏洞披露量增41%,被利用漏洞激增75%。企业需加强安全措施应对威胁。...
2025-4-10 09:45:0 | 阅读: 7 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
ransomware
industries
relentless
exploited
RansomSnub: RansomHub’s Affiliate Confusion
RansomHub自2024年初崛起为顶级勒索软件即服务(RaaS)组织后,在短短一年内因内部矛盾和不稳定性面临威胁。其承诺的稳定性和安全性未能兑现,导致基础设施故障、附属机构转向其他平台以及竞争对手DragonForce声称其迁移至其基础设施。这种情况凸显了勒索软件组织内部冲突和不信任的普遍性,并可能预示着RansomHub未来的不稳定发展。...
2025-4-8 17:0:0 | 阅读: 1 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
ransomhub
affiliates
dragonforce
affiliate
ramp
This Caller Does Not Exist: Using AI to Conduct Vishing Attacks
文章探讨了语音钓鱼攻击(Vishing)如何利用AI生成声音进行社会工程学攻击,并介绍了相关工具和技术。通过案例展示了攻击者如何利用AI克隆声音实施诈骗或入侵系统。文章还提供了防范建议,强调“信任但验证”的重要性。...
2025-4-8 13:0:0 | 阅读: 8 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
voicemeeter
soundux
voices
vishing
speech
Identities and IAM Trends: Q&A With a Saviynt Identity Expert
文章探讨了人工智能(AI)对身份安全的深远影响。随着AI被用于自动化和扩大网络攻击规模,传统的安全措施如多因素认证(MFA)已不足以应对威胁。未来,AI将推动身份治理的智能化和持续化,并成为防御新兴威胁的关键工具。...
2025-4-3 13:0:0 | 阅读: 6 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
security
identities
agents
attackers
Supporting Continuous Learning in AI Governance and Security
作者分享了AI治理的学习资源,包括课程、实践练习、时事通讯和专家账号,帮助读者持续学习和了解AI发展。...
2025-4-1 13:0:0 | 阅读: 31 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
security
webinar
exercises
newsletters
ed
A New Standard for SaaS Security: Reducing Risk and Complexity
SaaS平台在组织中变得至关重要,但面临日益增长的安全威胁。标准化方法被提出以应对不一致性和漏洞问题,并通过与行业专家合作开发框架来提升整体安全性。公众受邀参与制定标准,共同塑造更安全的数字环境。...
2025-3-28 13:0:0 | 阅读: 16 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
security
romke
cloud
initiatives
haan
Aligning Cybersecurity and Third-Party Risk Management with Business Goals
文章探讨了网络安全与第三方风险管理的重要性,强调需与业务目标保持一致以获得支持,并通过有效沟通和整合流程推动积极变革。...
2025-3-25 13:0:0 | 阅读: 4 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
treatment
likelihood
security
Rethinking Risk: ICS & OT Security with Purdue 2.0 and GRC
文章探讨了XIoT在工业、医疗等领域的广泛应用及其带来的效率提升和安全风险。随着OT与IT系统的融合,攻击者更容易利用漏洞进行攻击。传统的Purdue模型在现代互联环境中存在局限性,需通过Purdue 2.0引入零信任、实时威胁检测和云/XIoT集成等新策略来应对复杂威胁。...
2025-3-18 13:0:0 | 阅读: 31 |
收藏
|
GuidePoint Security - www.guidepointsecurity.com
security
purdue
threats
Previous
1
2
3
4
5
6
7
8
Next