Cybersecurity Resources

Free Resources

Meet Compliance

These expert-curated tools and guides are essential for strengthening your security posture, reducing risk, and supporting compliance efforts.

What is NIST SP 800-37

Organizations can use NIST SP 800-37 to guide the Risk Management Framework (RMF) process, helping them categorize systems, select and implement security controls, and continuously monitor risk. It provides a structured, repeatable approach to managing cybersecurity risk across the system lifecycle—aligning technical safeguards with business and compliance requirements.

Use NIST SP 800-37 to classify information systems based on confidentiality, integrity, and availability requirements.

Follow the framework to identify and apply appropriate security controls tailored to system risk and business needs.

Establish an ongoing monitoring process to assess control effectiveness and adapt to evolving threats.

What is NIST SP 800-40

Organizations can use NIST SP 800-40 to guide enterprise patch and vulnerability management, helping them prioritize, test, and deploy updates efficiently. It provides a structured, repeatable process to reduce exposure to known threats—aligning remediation efforts with risk and operational impact.

Use NIST SP 800-40 to assess and rank vulnerabilities based on potential business impact and threat exposure.

Establish a process to safely evaluate patches before deployment to avoid operational disruption.

Implement patches across systems in a timely, organized manner while maintaining logs for accountability and audit readiness.