Varun Sharma

In the latest Cyble Podcast, Chirag D Joshi joins Kapil B. to discuss some of the biggest security weaknesses organizations are facing today. He highlights three areas that continue to drive real-world vulnerabilities: 🔹 Security configuration management 🔹 Privileged access management — across both human and system identities 🔹 The growing impact of AI on identity and access complexity He also shared why security testing is becoming a major priority, especially with APRA’s increased focus on stronger testing requirements. Watch the full clip for the complete discussion. 🎥👇 #CyblePodcast #CyberSecurity #VulnerabilityManagement #PrivilegedAccessManagement #ThreatIntelligence #SecurityTesting #APRA

23

1 Comment

The RBI auditor gave them 30 days.   Their NAC had been in "monitor mode" for 14 months.   ---   The CISO knew it was a problem. His team knew it was a problem.   But monitor mode was comfortable. No enforcement meant no helpdesk tickets. No complaints from users. No late-night calls about blocked devices.   Until the auditor wrote three words in the findings report:   "Non-enforcing access control."   Suddenly 30 days to move from monitor to enforcement across 2,000+ endpoints.   Here's what saved them:   They didn't try to enforce everything at once.   Week 1: Enforced on server VLANs only (highest risk, fewest devices, smallest blast radius). Week 2: Added corporate laptops with certificate-based auth. Week 3: BYOD and contractor devices with profiling + limited access. Week 4: IoT and unmanaged devices — quarantine VLAN with explicit allow-list.   By day 28, enforcement was live across the network.   The auditor's follow-up found zero open findings.   ---   The lesson isn't "hire a consultant when the auditor shows up."   The lesson is: enforcement doesn't have to be all-or-nothing.   Phased rollout. Highest risk first. Smallest blast radius. Expand when stable.   If your NAC is sitting in monitor mode and you know the audit is coming — the clock is already ticking.   DM me "ENFORCE" for a phased enforcement roadmap I've used at 4 different banks.   #NAC #cybersecurity #RBI #compliance #BFSI #networksecurity #audit

12

🚨 New Critical Adobe AEM Forms Vulnerabilities #CVE-2025-54253 & CVE-2025-54254 Two newly disclosed CVEs affecting Adobe Experience Manager (AEM) Forms on JEE could enable attackers to execute arbitrary code remotely or access sensitive files via XXE injection. 🔍 CVE-2025-54253: Exploitable misconfiguration leading to remote code execution 🛑 CVE-2025-54254: XML External Entity flaw enabling file disclosure ➡️ Public PoCs are already circulating - that means real-world exploitation is imminent. The IONIX research team is actively tracking exploitation attempts. If you're using AEM Forms v6.5.23 or earlier, you're at risk. We recommend patching immediately and validating configurations to block abuse vectors. Our latest blog covers: ✅ Exploit details with sample payloads ✅ Real-world impact assessment ✅ Patch guidance and config hardening ✅ Asset visibility via the IONIX Threat Center 👉 Read the full breakdown: https://lnkd.in/e-cKayNg #CyberSecurity #Adobe #CVE #ZeroDay

10

From Alerts to Action: Inside OpsMx’s AppSec Vision In this Pulse 2.0 interview, OpsMx CTO Gopinath Rebala shares how OpsMx redefines Application Security Posture Management (ASPM) for modern software delivery. 🔎 Key takeaways: 1) Why Delivery BOM > SBOM for secure releases 2) Making “Shift Left” work—without slowing devs down 3) How GenAI powers faster remediation and policy automation 4) Real-world wins from policy-enforced CI/CD security This is a must-read if you care about scaling AppSec without slowing innovation. 👉 Read the interview: https://lnkd.in/gXHg6Erc  #ApplicationSecurity #DevSecOps #ASPM #SoftwareSecurity #CTOInsights #GenAI #OpsMx

4

Why do I keep talking about Customer Responsibilities Matrices (#CRMs)? Because they help safeguard your data and assuming “the provider handles that” is never appropriate. CRMs aren't just a mandatory requirement for #CMMC. They help ensure service providers and their customers remain aligned and security is achieved. I have dozens of stories for how a lapse in communication caused significant risk to an organization using a cloud service offering. What about you? Do you have any stories you'd like to share on how a CRM could have helped save the day (not to mention a lot of time and money)? If you’re an external service provider (CSP, MSP, MSSP) and don’t want to be the cautionary tale in someone else’s post, download the Optic Cyber Solutions CRM Template today (link in comments) to get started with your CRM. If you have questions on how to develop a CRM reach out, I'll still be talking about them and happy to help.

17

5 Comments