Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Defending Against Attacks on Data with Rubrik and the CrowdStrike Falcon Platform

In today's digital landscape, cyber attacks are an ever-present threat, and they all ultimately target one thing: data. For most organizations, the challenge lies not only in protecting this data but also in understanding the full scope of what they have. Many organizations struggle to identify how much sensitive data they possess, where it resides, and who has access to it.

WordPress Plugin and Theme Developers Told They Must Use 2FA

Developers of plugins and themes for WordPress.org have been told they are required to enable two-factor authentication (2FA) from October 1st. The move is intended to enhance security, helping prevent hackers from gaining access to accounts through which malicious code could be injected into code used by millions of websites running the self-hosted version of WordPress.

Gen AI Guardrails: 5 Risks to Your Business and How to Avoid Them

As businesses increasingly adopt Generative AI (Gen AI) to enhance operations, customer engagement, and innovation, the need for robust AI guardrails has never been more critical. While Gen AI offers transformative potential, it also introduces significant risks that can jeopardize your business if not properly managed. Below, we explore five critical risks associated with Gen AI and provide strategies to avoid them.

Navigating the Shared Responsibility Model: Lessons Learned from the Snowflake Cybersecurity Incident

September 12, 2024 Jerry Dawkins, PhD

In the world of cybersecurity, the recent incident involving Snowflake has sparked a significant discussion around the shared responsibility between vendors and customers. The attacks, which targeted over 100 Snowflake customers, have highlighted vulnerabilities that arise not from the platform itself, but from how customers manage their security environments.

Continuing to Evolve Next-Gen Asset Attribution Through Service Provider Collaboration

One of the primary reasons that the Bitsight Security Rating is widely respected and closely correlated with real-world security outcomes is the scale and sophistication of our asset attribution capabilities. In a recent post, my colleague Francisco Ferreira shared an update on the momentum building with Bitsight Graph of Internet Assets (GIA), the AI-powered engine we use to map assets to organizations and build our Ratings Trees.

Application Security - The Complete Guide

Application security is the combination of tools, practices, and policies that are used to protect the application layer of software from threat actors. Once something of an afterthought, application security is now widely and rightfully recognized as a vital part of the software development life cycle (SDLC). As the complexity of technology increases, considering application security early and often in the SDLC is imperative to keeping data and resources from falling into the wrong hands.

The Imperative of Data Loss Prevention in the AI-Driven Enterprise

As organizations increasingly integrate artificial intelligence (AI) into their operations, the nature of data security is undergoing significant transformation. With AI’s ability to process vast amounts of data quickly, the risk of data breaches and leaks has grown exponentially. In this context, Data Loss Prevention (DLP) has (re)emerged as a critical component for IT professionals seeking to safeguard sensitive information.

How Phishing-as-a-Service Exposes Financial Services to Extensive Threats

Phishing remains the favored and most successful method of obtaining an initial foothold in a targeted organization. So it should come as no surprise that threat actors have developed turnkey solutions that enable even low-skilled hackers to conduct successful email attacks.