Recent critical vulnerabilities in ServiceNow, a widely used cloud platform, have put numerous organizations at risk of data breaches. Threat actors are exploiting these input validation flaws, enabling remote code execution and unauthorized access. Despite recent fixes, government agencies, data centers, and private firms remain targeted. This blog highlights how these flaws are exploited for data theft and outlines security measures to mitigate these risks.

In the fast-paced world of modern software development, grasping the full scope of an application is essential for managing an application security program. This entails having visibility into all the application assets involved in building the app, knowing their ownership, and understanding their importance to the development process and the broader business.

AI adoption continues to move at a breakneck speed for businesses across the globe, as shown in a Coatue report comparing AI adoption to early internet adoption and found that AI growth is happening at two times the speed of the former.

In the previous blog of this series, we unpacked the foundational concepts of encryption at rest and introduced you to Elastic Cloud’s “bring your own key” (BYOK) feature, which allows you to do encryption at rest with encryption keys managed by the KMS service of your cloud provider.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! I wondered when I would hear knives being sharpened.

The essentials of what you need to know about 10 common frameworks and how to benefit from these structured approaches for reducing cybersecurity risk.

The staggering sum of US $75 million has reportedly been paid to a ransomware gang in what is believed to be the largest known ransom payment made by a cyber attack victim since records began. Researchers at Zscaler claim in a new report that the record-breaking figure was paid by an undisclosed Fortune 50 company to the Dark Angels ransomware group.

On July 24, 2024, Google announced an 18-hour-long issue on its Chrome web browser regarding its password manager. A bug prevented millions of Windows users from accessing their passwords on Google Password Manager when using Chrome as their web browser.

If you’re tempted to share a password over email, there are several security risks you should be aware of before doing so. Sending passwords over email is dangerous because emails are unencrypted and can be intercepted by cybercriminals. When data is unencrypted, it could be read or saved by the wrong or malicious recipients. Read on to learn why sending passwords through email is risky and how you can use a password manager to safely share your passwords instead.

In today’s data-driven world, safeguarding sensitive information is paramount. A well-crafted Data Loss Prevention (DLP) strategy acts as a shield, protecting your organization from costly data breaches and reputational damage and ensuring you meet regulatory requirements. Following a step-by-step guide ensures you cover all the essential bases, from selecting a loss prevention policy that aligns with your needs to conducting regular security audits.