Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

CVE-2024-6800: Critical Authentication Bypass Vulnerability Affecting GitHub Enterprise Server

On August 20, 2024, GitHub released security fixes for a critical authentication bypass vulnerability in GitHub Enterprise Server, identified as CVE-2024-6800. GitHub Enterprise Server is a self-hosted version of GitHub, designed for organizations to manage and collaborate on code securely within their own infrastructure. This vulnerability affects instances using SAML single sign-on (SSO) with certain identity providers (IdPs) that publicly expose signed federation metadata XML.

PCI 4.0.1 has arrived. Here's what you need to know about Requirement 6.4.3

As the Payment Card Industry Data Security Standard (PCI DSS) compliance standards continue to evolve, our team has been fielding a number of questions about the changes to 4.0, how to interpret them and ultimately how to get or remain compliant. We decided to create a blog series covering some of these recent changes with practical, actionable tips for getting started. Many organizations subject to PCI DSS may not be aware that the latest version, PCI 4.0.1, has been released.

7 Reasons Why You Need a Cybersecurity Platform

At a high level, security leaders need tools that: a) Efficiently detect and respond to threats. b) Can be managed sustainably. c) Deploy quickly and scale with their organisation. d) Are cost-effective. Large SOCs in a handful of enterprises could do this by deploying point solutions and hiring experts to manage them. For everyone else, is there a more efficient way to deliver on these capabilities than a consolidated cybersecurity platform? If you’ve found one, stop reading now.

How To Tell if Someone Is Scamming You Online

You can tell if someone is scamming you online if they make grammatical or spelling errors, create a sense of urgency, ask you for personal information, offer you something that’s too good to be true or reach out to you unexpectedly. Read the following signs that someone is scamming you online, learn about the most common online scams to watch out for and note our tips on how to protect yourself from becoming a victim.

Navigating the Challenges of CVE Management: Strategies for Effective Vulnerability Management

In today's rapidly evolving cybersecurity landscape, managing Common Vulnerabilities and Exposures (CVEs) is a critical yet increasingly complex task. As organizations scale their digital footprints, the sheer volume and diversity of vulnerabilities they must contend with have grown exponentially. This surge in potential threats, compounded by the sophisticated tactics employed by cyber adversaries, makes CVE management a required but complicated endeavor.

5 Cyber Frauds and Scams You MUST Watch Out For

Many of us spend a significant amount of time online working, socialising, consuming entertainment and purchasing in online stores, among other activities. This extensive online presence has made the internet a prime target for scammers who prey on unsuspecting individuals. Over time, these scams have become increasingly sophisticated, with fraudsters developing more convincing schemes that people are likely to fall for.

What To Do if Your Bank Account Is Hacked

If your bank account has been hacked, you should contact your bank immediately, change your bank account’s password and place a freeze on your credit report. Because your savings are on the line, you must act quickly when you learn your bank account has been hacked. Read more to learn the common signs of a hacked bank account and what you should do if someone hacks into your bank account.

Five Key Findings from the Inaugural EPSS Report

Last month, Cyentia and FIRST.org published the inaugural Exploit Prediction Scoring System (EPSS) performance report. The report goes beyond just assessing the EPSS predictive scoring model. It looks at historical vulnerability data and published CVEs, and provides comparisons to the other popular scoring models: CVSS and CISA-KEV.

Hybrid API Security: The Best of Both Worlds

In API security, organizations frequently encounter a tough decision: whether to opt for the flexibility and scalability of a SaaS solution or the data control and privacy of an on-premises deployment. Salt Security's hybrid deployment option provides a solution that combines the advantages of a SaaS solution with the assurance of data privacy, offering the best of both worlds for organizations.

Building Better Use Cases for Your SIEM

Deploying a next-gen cloud-native security information and event management (SIEM) in your security operations center (SOC) is a big step in the right direction toward significantly improving your organization’s security capabilities. But once you have that state-of-the-art SIEM in your SOC, how do you get the most out of it? One key step is building and executing specific SIEM use cases designed to meet the particular needs of your organization.