What's New at UpGuard: August 2024
Welcome to the August 2024 edition of What's New at UpGuard! We've been busy this past month getting ready for UpGuard Summit, focused on how security teams can respond to emerging threats, and also organizing resources for companies recovering from the CrowdStrike incident.
On the product side, we've released new questionnaires to our library, added updated detections for recent vulnerabilities, and created a new summary page for subsidiaries. Be sure to also check out our new cybersecurity resources on how CISOs can handle future data breaches after the CrowdStrike incident, and more on OpenSSH Vulnerability CVE-2024-6387.
Read on to learn more and stay up-to-date with everything UpGuard has to offer!
Company Highlights
Join us for UpGuard Summit in August
This quarter, we’re focusing on how security teams can respond to emerging threats. Learn about safeguarding procurement processes, defending against infostealer malware, and managing human risk. You’ll also hear from our keynote speaker, Jeff Fairinich, CISO & SVP Technology at New American Funding, as he shares his insights on navigating cloud security and TPRM. Didn't get a chance to join? Register now to access an on-demand recording.
Taking Action after the CrowdStrike Incident
To help companies recover from the recent CrowdStrike incident, we’ve put together a collection of security resources. Access a free list of impacted organizations, watch the webinar recording for CISO insights (register to access the recording), and read our latest blog for an overview of the CrowdStrike outage and impact on third-party risk management.
Explore how Brightcove Optimized their VRM Process with UpGuard
Brightcove is an online video hosting, sharing, and streaming platform based in Boston, Massachusetts. By partnering with UpGuard, Brightcove successfully enhanced their vendor risk management program, streamlined security assessments, and elevated their procurement process. Read more.
Product Updates
New SIG, NIST CSF 2.0, & DPDP Act Questionnaires
We've updated the Questionnaire Library with new SIG Core and SIG Lite 2024 questionnaires, assessing third-party cybersecurity across various domains. Also included is a new Multi-Framework Security Questionnaire aligning with ISO 27001:2022 and NIST CSF 2.0, along with a questionnaire for assessing compliance with India’s DPDP Act, 2023, safeguarding personal data privacy in India. Learn more about our security questionnaires in UpGuard's Library.
Updated Detections for New Vulnerabilities
We've added new detections for CVE-2024-6387 and polyfill.io. CVE-2024-6387 is a high-severity vulnerability in OpenSSH servers, allowing Remote Code Execution with full root privileges (CVSS 8.1). The polyfill.io domain poses a new supply chain risk by hosting the CDN for the polyfill JavaScript package. Read more.
New Summary Page Added for Subsidiaries
We have introduced a new Subsidiary Summary page for BreachSight plans that encompass subsidiaries, offering a comprehensive view of your subsidiaries' security status with detailed breakdowns by category and geolocation specifics. For further insights, check out our guide on the subsidiary summary page.
Cybersecurity Resources
CrowdStrike Response: How CISOs Should Handle Future Breaches
Prepare for future breaches with five action plans to help your organization survive IT disruptions, whether from rusty security updates or third-party data breaches. Read more in our latest blog.
How to Respond: OpenSSH Vulnerability CVE-2024-6387
OpenSSH server faces a critical vulnerability (CVE-2024-6387) that allows cybercriminals to gain full system access without user interaction. Check out our new blog for an overview and remediation suggestions.
Events
Save the Date: InfoSec World, Sept 23-25, 2024
Join the UpGuard Team at the upcoming InfoSec World conference, happening September 23-25 in Lake Buena Vista, Florida. We're excited to be a sponsor of this event, which will focus on tackling pressing challenges in the cybersecurity world, including defense strategies, understanding new threats, and governance and compliance. Be sure to swing by Booth #407 and say hello to our team! Read more and register here.
We had a fantastic time at Black Hat 2024 in Las Vegas this past month! We're grateful to Black Hat for uniting professionals, companies, and innovative ideas at this annual conference. A big thank you to all the professionals and companies who visited our booth and attended our Networking Happy Hour event. Read more about our Black Hat experience on our LinkedIn page.