Personally Identifiable Information (PII) is data that can uniquely identify an individual, such as an employee, a patient, or a customer. “Sensitive PII” refers to information that, if compromised, could pose a greater risk to the individual’s privacy and misuse of information for someone else’s gains.

As Kubernetes and containerized environments become the backbone of modern application development, securing these environments grows increasingly complex. The distributed nature of microservices, the dynamic scaling of workloads and the ephemeral nature of containers introduce unique security challenges. Traditional approaches to risk assessment — where vulnerabilities, misconfigurations and threats are identified and prioritized in isolation — often fall short in such environments.

On October 9, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164. This flaw allows a remote attacker to run pipelines on arbitrary branches within a repository, which could potentially lead to code execution. A GitLab pipeline consists of a series of automated processes that execute in stages to build, test, and deploy code.

Early last month, Netskope announced a few key security innovations across the Netskope One platform and some of my colleagues kicked off the conversation about Netskope Risk Exchange in a previous blog, Evolving the Netskope Risk Exchange Ecosystem. This blog series will continue to explore a number of different workflows that those comfortable using basic scripting, or enablement tools like Postman, can employ to programmatically update and inform your inline policy actions.

A Software Bill of Materials (SBOM) is essentially an inventory of the components used to build a software artifact, such as an application. While the concept of tracking an application’s components is not new, its importance has grown in recent years due to the rising threat of software supply chain attacks. One significant example is the SolarWinds attack, which highlighted how threat actors are increasingly targeting vulnerabilities in software components during the delivery process.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! A bit ouch I would say. Bad luck…

As cyberattacks are becoming more sophisticated, traditional security measures such as firewalls and intrusion detection systems (IDS) are no longer sufficient. That’s why Network Detection and Response (NDR) is brought into the picture, to provide better and advanced solutions. It comes with real-time detection, automated responses, and advanced analysis. This blog focuses on the protective defense capabilities of NDR in cyber security.

In the ever-evolving cybersecurity landscape, the debate between Universal ZTNA and Traditional ZTNA is heating up. While Traditional ZTNA has been a cornerstone for secure access, Universal ZTNA is redefining the game with its comprehensive, adaptive approach. Imagine a security solution that fortifies your network and seamlessly integrates with any environment, providing unparalleled protection and flexibility. Ready to explore the future of secure access?

The role of the сhief information officer (CIO) has transformed over the years, extending beyond traditional technical responsibilities. Currently, CIOs are facing numerous issues, such as widely distributed workforces, economic hurdles, and adopting cutting-edge technologies. In this article, we’ll cover these and other challenges facing CIOs today, and measures you can take to navigate them.

In the healthcare industry, safeguarding patient data is not just a regulatory requirement but a moral imperative. With the increasing digitization of health records and the rise in cyber threats, healthcare organizations need robust security solutions. Microsoft E5 offers a comprehensive suite of security features designed to protect sensitive healthcare data. Coupled with Trustwave’s Microsoft expertise, organizations can get the most out of their E5 investments.