In the past, many security teams considered securing secrets enough – if your secrets were secured, you were good. While you’re still kind-of-good staying on this course, security professionals increasingly recognize that just securing secrets is not enough – organizations require a more sophisticated solution to help protect themselves in today’s increasingly sophisticated threat landscape.

In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security. By monitoring and examining system responses and device status, HIDS identifies and tackles nefarious behaviors that are often overlooked by conventional defenses.

In today’s digital age, the exchange and storage of information has become very common in all sectors of the world, healthcare being no exception. But with this transmission and storage comes the dangers of security and unauthorized access. The Health Insurance Portability and Accountability Act (HIPAA) was enacted with stringent regulations to safeguard this data and its violations can be severe.

Avast Threat Labs recently exposed and blocked a highly sophisticated malware operation known as GuptiMiner.

Vendor risk assessments are critical for any organization that relies on third-party vendors. Third-party risk can negatively affect an organization’s security, compliance, and performance, resulting in devasting security breaches or disruptions in its supply chain that halt business operations. Organizations use vendor risk assessments to evaluate and manage third-party vendor risks associated with outsourcing business operations or procuring goods from external suppliers.

A command injection vulnerability, being tracked as CVE-2024-3400, was recently discovered in the GlobalProtect feature of Palo Alto Networks PAN-OS software. This vulnerability has a CVSS score of 10 (Critical) and is actively being exploited in the wild. It impacts versions PAN-OS 120.2, PAN-OS 11.0 and PAN-OS 11.1. If exploited on vulnerable PAN-OS versions and distinct feature configurations, an unauthenticated attacker could execute arbitrary code with root privileges on the firewall.

Traditional methods of flaw remediation are not equipped with the technology to keep pace with the rapid evolution of code generation practices, leaving developers incapable of managing burdensome and overwhelming security debt. Code security is still a critical concern in software development. For instance, when GitHub Copilot generated 435 code snippets, almost 36% of them had security weaknesses, regardless of the programming language.

The EU Cyber Solidarity Act is a new initiative that follows the European Union's latest efforts to build stronger cyber defenses against evolving cybersecurity threats. This legislation introduces a new strategy for enhanced cooperation between EU member states and focuses on how EU nations can better prepare and respond to cyber incidents.

TrustCloud’s AI already pre-fills up to 80% of a security questionnaire, but we’ve developed the next iteration. TrustShare has built new generative AI capabilities called GraphAI. GraphAI will still find the right answer for a security questionnaire topic, but now it will better account for context and generate more natural, accurate responses based on your program controls. GraphAI is built on a retrieval-augmented generative (RAG) model on our large language model (LLM).

DeepCode AI Fix is an AI-powered feature that provides one-click, security-checked fixes within Snyk Code, a developer-focused, real-time SAST tool. Amongst the first semi-automated, in-IDE security fix features on the market, DeepCode AI Fix’s public beta was announced as part of Snyk Launch in April 2023. It delivered fixes to security issues detected by Snyk Code in real-time, in-line, and within the IDE.