Active Directory (AD) is crucial for an organization’s identity and access management strategy, but its complex architecture is also a prime zone for overlooked vulnerabilities. One such feature that’s often overlooked is Active Directory Certificate Services (ADCS). Active Directory Certificate Services ADCS is a service that provides a robust solution for managing digital certificates in a Windows Server environment. It leverages AD to manage certificates in a domain environment.

SQL injection (SQLi) has a history that is older than Internet Explorer (which according to Gen Z was the start of civilization). There have been thousands of breaches caused by SQL injection and an endless amount of well-documented best practices and tools to help prevent it. So surely, surely we learned our lesson from these breaches and SQLi is no longer an issue.

Google Voice scams continue to pose a risk for users of this service. Scammers continuously attempt to lure users into divulging their verification PIN code. By stealing other people's Google Voice accounts, hackers and scammers impersonate their victims by luring others into fraudulent transactions. Scammers make millions per year using other people's Google Voice accounts. How should users protect their identification and PIN codes for bank accounts, travel sites, and Google Voice accounts?

SCB 10X, the disruptive technology investment and innovation arm of SCBX Group, has launched Rubie Wallet, a digital wallet application designed to facilitate seamless QR payments using USDC and THBX (Thai Baht Stablecoin). Its key activation will be for foreign visitors attending DevCon 2024 in Bangkok. The stablecoin was developed in collaboration with Elliptic, Circle, Base, SCB, and InnovestX, with Fireblocks providing Wallets-as-Service infrastructure for the platform.

Savvy security leaders are moving from the legacy framework of vulnerability management to the emerging framework of exposure management because it solves their biggest challenges. The attack surface, which now contains cloud assets, distributed and mobile employees, and Internet of Things (IoT) integrated into every aspect of the workplace, is too complicated and changes too quickly to be managed with outdated methods and technologies.

API attacks can be costly. Really costly. Obvious financial impacts like legal fines, stolen finances, and incident response budgets can run into the hundreds of millions. However, other hidden costs often compound the issue, especially if you’re not expecting them. This article will explore the obvious and hidden costs of API breaches, their long-term business impacts, and how you can communicate the importance of API security to business stakeholders and decision-makers.

Data Loss Prevention (DLP) solutions are essential for safeguarding valuable data. They scan traffic to prevent the transmission of sensitive information such as credit card details and personal identifiable information (PII) such as Social Security Numbers (SSNs). However, traditional DLP solutions are often complex to configure, manage, and operate.

‍The evolution of the cyber risk management landscape is constant, and with each passing year, market players find themselves in the position of having to readjust their strategies, whether in brand positioning, cybersecurity, or beyond, to account for these consequent changes. While some of the shifts are welcome, others are less so. Nevertheless, all require careful foresight.

When engineering teams move their workloads to the cloud, it’s often possible that sensitive data—such as credit card numbers, login credentials, and personally identifiable information (PII)—unintentionally moves to the cloud with them. To secure this data, avoid costly breaches, and meet GRC requirements, these teams often catalog where this data is stored and establish the right controls to limit access.