Bring Your Own Device, better known as BYOD, is when employees can use their personal devices on a company’s network to complete their work tasks. Companies sometimes prefer their employees to use their own devices because they save money on providing technology and resources. Despite this financial benefit, companies should recognize the security risks BYOD can bring to their employees and organizations.

The months leading up to audits can be some of the most stressful for security and privacy teams. Some audits can take up to 9 months to prepare for and another 3 months to complete, with security and privacy teams spearheading the evidence collection. Collecting evidence used to be a walk in the park, but that was before multi-cloud environments, new standards, and emerging regional privacy requirements.

In a recent cybersecurity incident, a hacker breached Mobile Guardian, a widely used digital classroom management platform, and remotely wiped data from at least 13,000 student devices. Mobile Guardian, a partner of 'Google for Education,' offers comprehensive device management, secure web filtering, classroom management, and communication solutions for K-12 schools worldwide.

In a notable development in the cybersecurity landscape, the emerging threat group known as Hunters International has added a novel remote access Trojan (RAT) to its arsenal. This group, which has quickly ascended the ranks of ransomware operators, is using the RAT, dubbed SharpRhino, to target IT professionals. Disguised as a legitimate network administration tool, SharpRhino facilitates initial access and persistence on targeted networks, setting the stage for ransomware attacks.

Samsung has introduced a groundbreaking bug bounty program offering up to $1,000,000 for discovering critical vulnerabilities in its mobile devices. This initiative, named the 'Important Scenario Vulnerability Program (ISVP),' underscores Samsung's commitment to bolstering the security of its Galaxy devices. The program focuses on vulnerabilities related to arbitrary code execution, device unlocking, data extraction, arbitrary application installation, and bypassing device protections.

Snyk’s goal has always been to empower developers to build fast but safely. This is why we created the developer security category and why we were amongst the first advocates of “shifting left.” Now, AI has changed the equation. According to Gartner, over 80% of enterprises will have used generative AI APIs or models, or deployed their own AI model, by 2026.

When performing a security assessment, many folks will focus on asset management. This is an important first step, as it often reveals assets in the environment that were previously unknown. The next step in determining how to best secure the organization is to establish a baseline of the current state, and to define what the secure baseline should be. Too often, the existing baseline is far below the minimum standard.

If you’ve been keeping up with the Payment Card Industry Data Security Standard (PCI DSS), you’ll know it has a new specification that revolves around network security controls. Let’s dig into the details.

The Microsoft 365 E5 license gives you access to a slew of valuable Microsoft Security products that will cover you quite well for all your enterprise security monitoring needs. However, monitoring is only part of the security equation; the resources and services you add to it will help you get real value from E5.

The prevalence of APIs in today's digital environment is undeniable. They are crucial for modern applications, enabling seamless communication and data exchange between different software components. The rise of AI and machine learning has further accelerated API adoption, not only for accessing data and resources but also for rapid API development and deployment.