For years, Microsoft has been making significant inroads in the security space, earning number-one rankings from top industry analyst firms IDC and Forrester for its endpoint and extended detection and response (XDR) security tools. Taking full advantage of these tools, however, requires some significant know-how and 24x7 staffing, prompting many to turn to a managed detection and response (MDR) service provider for help.

Artificial intelligence (AI) has seamlessly woven itself into the fabric of our digital landscape, revolutionizing industries from healthcare to finance. As AI applications proliferate, the shadow of privacy concerns looms large. The convergence of AI and privacy gives rise to a complex interplay where innovative technologies and individual privacy rights collide.

Software development practices are rapidly changing, and so are the methods adversaries use to target custom applications. The rise of loosely coupled applications, along with an impressive increase in code deployment speed, has resulted in a growing attack surface with more software architecture and imported dependencies. Application security (AppSec) teams are often outnumbered by software developers and struggle to keep up with frequent code changes.

It’s been a week. A long week. After the most recent Board of Directors meeting, your senior leadership tasked you with finding a security analytics solution. Over the last month, you’ve worked with leadership to develop some basic use cases to determine which solution meets your security and budget needs. You started your research, but everything on the market seems really overwhelming.

How is generative AI transforming trust? And what does it mean for companies — from startups to enterprises — to be trustworthy in an increasingly AI-driven world?

Two chainable zero-day vulnerabilities face Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS): CVE-2023-46805 and CVE-2024-21887. All supported versions of the Ivanti Connect Secure and Policy Secure Gateways are currently at risk, and Ivanti has confirmed that customers have experienced active exploitation. ICS was previously known as Pulse Connect Secure. ICS offers a virtual private network (VPN) gateway, while IPS provides network access control.

Some of the most common types of password attacks include password cracking, password spraying, dictionary attacks, credential stuffing, brute force and rainbow table attacks. The better your password habits are, the less susceptible you are to password attacks. Keeper’s Password Management Report found that only 25% of respondents use strong, unique passwords for every account – meaning that 75% of respondents place their accounts at risk of being compromised due to weak passwords.

This week’s featured cyber incidents included a combined 2.3 million, although one event remains under investigation. The week began with an update from the Edmonds School District regarding their January 2023 breach, which exposed 145,844 individuals. Three other breaches also updated information; NASCO led the group with an update on their 1.6 million breach stemming from MOVEit.

NASCO provides various healthcare solutions to serve Blue Cross and Blue Shield members. They offer a comprehensive portfolio of services and use industry insights to project the needs of their 20 million clients. Thanks to third-party vendors specializing in unique services, NASCO can serve millions of individuals. Progress Software’s MOVEit tool was one of these specialized vendors. The tool allows for streamlined file management and was used globally as a multi-industry option.

We’ve talked a lot about why software bills of materials (SBOMs) are important and how they communicate the value of your organization, so we won’t continue those lectures here. We’re all good on the why so today we’ll talk about the how – the best (and free!) tools to help you create SBOMs automatically. Creating an SBOM manually is arduous and error-prone so why not avoid it altogether?