A critical flaw in Hotjar that combines XSS with OAuth putting millions of websites at risk, exposing user data and risking account takeovers. Hotjar, a trusted product experience insights platform used by over a million websites, including global brands like Adobe and Microsoft, offers powerful behavior analytics and feedback tools. These include Heatmaps, Recordings, Surveys, and Feedback, which help product teams understand user behavior and improve user experience (UX).

Is cyber risk insurable? That question is often at the heart of the debate about the future of the cyber insurance industry. One of the primary drivers of that question is the insurance industry’s challenges when managing systemic cyber risk since many believe that systemic cyber risk has the potential to bankrupt the industry. While there hasn’t been a catastrophic cyber incident that has proven the skeptics right, there have been several close calls.

Whether you’re a Halloween or comic con fan, dressing up as your favorite character is something you’ve probably done at least once in your life. As a kid, you were excited to put on that flimsy Batman mask and cape, thinking you looked just like the hero you saw on the movie screen. As an adult, getting or making the most move-accurate costume may allow other people to think that you are the actor in disguise.

The ubiquitous CrowdStrike incident resulted in a major diversion of resources, with some hard-hit organizations assigning almost all of their IT and security personnel to damage control. As a CISO of an impacted organization, you will likely be required to answer for a lack of resilience to this type of event. To support your decision-making as you reevaluate your resilience budgets, this post outlines four resilience strategies based on key learnings from the CrowdStrike event.

Data breaches have increased this year, costing businesses $4.88 million—a 10% increase from 2023 and the highest increase since the pandemic. The cost is due to several factors, but an internet leak is one of the common factors that cost businesses money, causes loss of reputation, and threatens the online privacy of the general public. So, what can you do to help yourself, friends, family, employees, or businesses to limit the costs of a data breach or internet leak?

1Password Business customers can now integrate with Google Identity Platform using OpenID Connect (OIDC). Doing so brings all the benefits of integrating 1Password with your IdP: streamlined access, unified security policies, and improved auditing, compliance, and reporting workflows.

Some explanations about the hidden danger of GitHub features that allow anyone to access commits you thought had been deleted.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! I wondered when I would hear knives being sharpened.

Malicious cyber activity is intensifying at an unprecedented rate. The infrastructure that offers the convenience of working from multiple workstations, mobile devices, and home computers is a double-edged sword, increasing the total attack surface and complexity of securing these environments.

Modern IT infrastructure is comprised of various interconnected network components that make communication and resource sharing possible throughout your organization. Whether securing sensitive data, facilitating collaboration, or simply ensuring uninterrupted access, a network of devices is at play—and the elements of these devices are critical to a business’s successful operation.