As in many companies around the world, Bitsight leadership believes that adoption and innovation through the use of artificial intelligence (AI) capabilities is crucial to the future of our company. From the top down, our employees are continually on the hunt for ways to leverage AI to improve business outcomes and customer productivity.

In today’s digital age, where work from anywhere and hybrid cloud adoption are the norm, traditional network security perimeters have crumbled. IT organizations are using hybrid cloud strategies to combine the scalable, cost-effective public cloud with the secure, compliant private cloud. However, on the user side, enterprises are grappling with the limitations of VPNs, which were once the go-to solution for secure remote access.

CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine. The National Institute of Standards and Technology (NIST) has not yet evaluated this vulnerability’s CVSS score but HashiCorp assigned it a base score of 7.5 (high). An outside security researcher, Jörn Heissler, discovered an issue with the valid_principals field in Vault’s SSH secrets engine.

Starting on Oct. 15, 2024, Microsoft Entra ID, Microsoft Intune, and other Microsoft Azure applications will require users to sign in with Microsoft Entra MFA. With increasing threats of account takeovers and large-scale phishing attacks targeting Entra ID users, this looks to be a step in the right direction.

In 2024, you should avoid several Facebook Marketplace scams, including those related to mobile payments, gift cards, stolen items and rental properties. Facebook Marketplace is part of Facebook and it allows you to buy or sell items from local individuals or small businesses. Since some Facebook Marketplace transactions occur online, there are various ways you could fall victim to these types of scams.

In the world of security, every second counts. A shorter mean time to detect (MTTD) translates to less damage, increased customer trust, and a greater likelihood of securing cybersecurity support. An important factor in achieving this rapid response is the power of an intuitive and user-friendly interface.

On September 26, 2024, security researcher Simone Margaritellidisclosed the details of four OpenPrinting Common UNIX Printing System (CUPS) vulnerabilities, that, when chained together, can allow malicious actors to launch remote code execution (RCE) attacks on vulnerable systems. CUPS is a widely used, open-source printing system that supports Linux and other Unix-like operating systems. It also supports ChromeOS and macOS.

AI-powered solutions are becoming increasingly prevalent in enterprise environments, leading to a new trend in procurement: the need for comprehensive AI governance frameworks. This shift reflects a growing awareness of AI-specific risks and the need for more granular controls. As the founder of Nightfall AI, a startup building AI models for data security, I've navigated hundreds of procurement cycles and observed a rise in AI-specific requirements.

You can ensure data integrity in your organization by enabling data encryption, investing in a password manager, regularly backing up your data and implementing strict access controls. Data integrity ensures that your data is accurate and complete, meaning it hasn’t been changed, removed or stolen by an unauthorized user. Continue reading to learn why data integrity is important and how your organization can ensure your data is accurate, complete and consistent.

CUPS is a suite of programs and daemons that provide local and network printing capabilities on Unix-like systems such as Linux and macOS. Versions before and including 2.0.1 are vulnerable to CVE-2024-47076 (libcupsfilters), CVE-2024-47175 (libppd), CVE-2024-47176 (cups-browsed) and CVE-2024-47177 (cups-filters), all of which can be chained together to allow remote unauthenticated code execution. At this time there is no updated version available.