While it was not called ASM, the concept of managing attack surface management began with basic asset management practices in the late 1990s and early 2000s. Organizations focused on keeping an inventory of their digital assets, such as servers, desktops, and network devices. The primary objective was to maintain an accurate record of these assets to ensure proper configuration and patch management.

Like any chain, a software supply chain contains many links. These links consist of every actor involved in the development & deployment of your code in the Software Development Life Cycle (SDLC). An actor can be the developers, infrastructure components, and even repositories like GitHub. A company might have a very secure supply chain. However, it will only be as strong as its weakest link.

With tens of thousands of potential threats lurking in remote corners of the deep and dark web, organizations are increasingly at risk of being targeted by cyber attackers or having their sensitive information traded or leaked online. Deep and dark web monitoring enables businesses to safeguard their digital assets and accelerate visibility of online threats, protecting their brand and reputation.

By James Rees, MD, Razorthorn Security Times must change (and always will) and nowhere is this more true than in the realm of technological advancement. Thirty years ago, the technological landscape was vastly different from what we have today and technological change has outpaced Moore’s Law for some time now. Information security must keep pace with these advancements. This has become especially true with the advent of AI.

In a troubling development for cybersecurity, the BlackByte ransomware group has shifted tactics by exploiting a newly discovered authentication bypass vulnerability in VMware ESXi, tracked as CVE-2024-37085. This vulnerability has allowed attackers to compromise critical infrastructure within enterprise networks, highlighting a significant shift in the threat landscape.

Unlike traditional software, where testing is relatively straightforward, Gen AI apps introduce complexities that make testing far more intricate. This blog explores why traditional software testing methodologies fall short for Gen AI applications and highlights the unique challenges posed by these advanced technologies.

We’ve written a lot about various security frameworks, from CMMC to ISO 27001, and throughout all of them, one of the core elements is the need to protect CUI. Information that is controlled at a very high – SECRET, Classified, or other – level is tightly bound by specific rules and can only be handled by select individuals. Completely base, public information is freely available and completely uncontrolled. But there’s a lot of information somewhere in the middle.

California’s data protection law applies not just to consumers, but to employees. And it’s finally taking effect.

New analysis of current ransomware attacks shows a massive focus on U.S. organizations, with growth spread across nearly every industry. One would think there would be a slowdown in the number of ransomware attacks due to the amount of threat intelligence and best practices to mitigate this threat.

Worried about GitHub Copilot’s security and privacy concerns? Learn about potential risks and best practices to protect yourself and your organization while leveraging AI.