Blog - RH-ISAC

Recent research from Detectify found a 25% increase in vulnerabilities detected in its customers’ subdomain assets in 2021 than in 2020. Additionally, the study found a 100% increase in the median number of vulnerabilities per domain in 2021 than in 2020. Detectify researchers said that the subdomain attack surface continues to grow, and DNS is…

In a perfect world, all of the defenses you’ve put in place will successfully defend against a ransomware attack. Your employees won’t click on any malicious links, none of your credentials will be brute-forced, your RDP ports are secure, and you’ve implemented a zero-trust framework across your network. It is true that taking measures to…

SaaS Security: A Changing Model of Cybersecurity Businesses today commonly employ hundreds of individual SaaS applications for a variety of specific functions, but the majority of sensitive data is typically entrusted to a small set of foundational enterprise applications. Security leaders are well aware that the transition to SaaS has prompted increased targeting by bad…

Updates: April 5, 2022, 12 p.m. ET The “Spring4Shell” RCE (CVE-2022-22965) has been added to CISA’s list of known exploited vulnerabilities. Due to the conditions required to exploit the vulnerability, security researchers are beginning to form a consensus that, while serious, Spring4Shell is not as critical or dangerous as the Log4Shell vulnerability. The conditions for…

With ransomware demands in the millions, companies are beginning to prioritize investment in their ransomware resilience strategy to avoid the severe financial, operational, and reputational costs of being the victim of an attack. In fact, ransomware planning ranked as the top initiative for retail and hospitality CISOs in RH-ISAC’s recent 2021 CISO Benchmark Report, but…