The rise of Non-Human Identities (NHIs) — think APIs, bots, service accounts, and machine identities — has expanded the attack surface in ways we’re only beginning to understand. NHIs now outnumber human identities in enterprise environments, often by a staggering ratio. While they streamline processes, enable scalability, and facilitate automation, these identities also present significant security risks.

On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after the publication of a Proof-of-Concept (PoC) exploit. Apache Struts is a widely used open-source web application framework for developing Java-based applications.

The holidays are a busy time for cyber attackers. They rely on distracted workers and lax security systems to breach an organization’s defenses. Then, they deploy ransomware or perform smash-and-grab operations on as much information as they can get their hands on. Either way, the goal is the same: profiting from a brief moment of weakness in your cybersecurity defenses. If you’re wondering how to prevent hacking during this hectic time of year, Lookout is here to help.

In the spring of 2024, amid growing international concern about supply chain risk and the trust and reliability of technology suppliers, the United States banned Kaspersky Lab, Inc., the Russia-based antivirus company from providing its products to the US market. The ban went into effect on September 30, 2024. What impact has the ban had on US and global usage of Kaspersky? Has it been effective? A new analysis from Bitsight contains some surprising results.

In the cyber security domain, the increase of cyber-attacks alongside the acceleration of businesses’ digital transformation, drive states to deploy a more ringent regulatory framework to protect data and establish a code of conduct for businesses. In this perspective, it is essential to view compliance as an integral component of the wider governance framework, which is grounded in international standards of an interconnected world that makes best use of already tested best practices.

One of the hardest parts of managing an organization’s cybersecurity is patch management. Just as one patch cycle is completed, another set of patches are released. When compounded with the highly regulated energy industry, governed by the NERC CIP Standards, the task becomes even more daunting. Fortunately, Fortra’s Tripwire Enterprise (TE) and Tripwire State Analyzer (TSA) can ease the process.

The future of eliminating secrets sprawl means getting a handle on the lifecycles and interdependencies of the non-human identities that rely on secrets. Learn how to implement these NHI security measures at scale.

Threat actors impersonate HR in seasonal phishing campaign, Zloader receives new features and capabilities, and new details emerge about Secret Blizzard.

As company priorities and processes evolve, testing and implementing changes in your workflows is essential, especially for those workflows with a major influence across your business. Should the team push the wrong change live, an alert’s remediation process could be potentially slowed down, or employee information could be revealed to the wrong team.

2024 was a special year for Tines. And a busy one! We introduced 177 (and counting) new product capabilities. We raised an additional $50M from existing investors. And most importantly, our builders – the users of the Tines platform – brought more workflows to life than ever before: solving problems for their teams, and often sharing their learnings with the broader Tines community.