
Latest News

Prioritizing open source vulnerabilities in software due diligence

Black Duck Security Advisories provide actionable advice and details about open source vulnerabilities to help you improve your remediation activities. A vulnerability is a software bug that hackers can exploit to attack an application. Ideally, software is written so as to proactively thwart the efforts of bad actors, but that is often not the case.

Building a Strong Small Business Work Culture Focused On Cybersecurity

Small business owners have a ton of things to worry about, but cybersecurity should always remain a top concern. Why? The Allianz Risk Barometer lists cyber incidents as the number one business risk in 2022, ranking it higher than the shortage of skilled workers, complications from the pandemic outbreak, and natural disasters.

Interview with CEO, Matt Polak

For the next interview in our series speaking to technical leaders from around the world, we’ve welcomed Matt Polak, CEO and Founder at Picnic Corporation. Matt Polak is a subject matter expert in intelligence collection, having spent his career applying these skills to intractable growth and competitive strategy challenges for Fortune 500 customers.

Enterprise Cybersecurity: What it is & Why it's Important

Having effective enterprise cybersecurity is more than having your employees create a password that isn’t their pet’s name—unless perhaps their cat’s name is at least 12 characters long, and a combination of upper- and lower-case letters and symbols. Whether it’s well-researched spearphishing attempts or bypassing MFA, threat actors have only become more daring.

Ransomware Hits Royal Mail - Let's Recap

This week, the UK's postal service, Royal Mail, has been hit with a ransomware attack, which put the country's sensitive data at risk. In this blog post, we’ll take a look at what ransomware is, how it can affect businesses and individuals, and what we’ve learnt from this huge-scale attack. Stay tuned for more updates on this developing story.

ChatGPT: Dispelling FUD, Driving Awareness About Real Threats

ChatGPT is an artificial intelligence chatbot created by OpenAI, reaching 1 million users at the end of 2022. It is able to generate fluent responses given specific inputs. It is a variant of the GPT (Generative Pre-trained Transformer) model and, according to OpenAI, it was trained by mixing Reinforcement Learning from Human Feedback (RLHF) and InstructGPT datasets. Due to its flexibility and ability to mimic human behavior, ChatGPT has raised concerns in several areas, including cybersecurity.

Four Challenges with Monitoring Active Directory Security

With attackers constantly developing new tactics to compromise credentials and data, it is increasingly important to monitor critical systems such as Active Directory (AD) for signs of malicious activity. Many organizations turn to security information and event management (SIEM) products for help.

Attack Path Mapping with BloodHound AD

Once an attacker establishes a foothold in your Active Directory (AD) domain, they begin looking for ways to achieve their final objective, such as to access sensitive data on file servers or in databases, spread ransomware or bring down your IT infrastructure. To do so, they must first gain additional access rights, ideally membership in highly privileged groups like Domain Admins. BloodHound Active Directory helps them find paths to do just that.