Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

EU AI Act and ISO 42001: Compatibility and implementation guidelines

The EU AI Act introduced the first comprehensive, harmonized regulatory framework for managing AI systems ethically and responsibly. Before the Act, the closest we had to such robust guidelines was ISO 42001, which has a similar overarching goal. If you’ve already implemented ISO 42001, you might have a head start in achieving EU AI Act compliance. In this guide, we explain why this is the case by covering:

The CVE Program Is on Life Support - and So Is Our Outdated Approach to Vulnerability Management

The cybersecurity community is facing a seismic shift. MITRE’s announcement that its contract to operate the Common Vulnerabilities and Exposures (CVE) program will expire on April 16, 2025, without a clear renewal plan, has sent shockwaves through the industry. This development threatens to dismantle a cornerstone of global cybersecurity coordination.

Automating your risk register using Tines Records

A risk register is a GRC tool used by teams to identify, assess, and manage various risks within an organization. It acts as a centralized repository and looks at the impact and probability of a risk to prioritize its management. In cyber security, a risk register helps maintain compliance with various standards like the ISO 27001 Information Security Management System (ISMS), NIST SP800-30 Guide for Conducting Risk Assessments, or the new European NIS 2 directive.

Responsible vulnerability disclosure: Why it matters

The concept of responsible disclosure is a simple one. If you find a vulnerability, you let the affected organization or software vendor know before making the information public. This gives them time to patch the vulnerability before it can be exploited. It also helps maintain trust and fosters a collaborative environment between security researchers and companies. As a cybersecurity vendor, do we want our researchers to be credited when they discover vulnerabilities? Of course.

How to Effectively Communicate IT Security to the Executive Board: 7 Best Practices

84% of board directors acknowledge cyber risk as a business risk, according to Gartner’s 2024 Board of Directors Survey (subscription required). Yet, many CISOs still find it difficult to secure enough support and resources to drive cybersecurity initiatives forward. What CISOs need most to obtain sufficient backing from the board are tools that convey cybersecurity issues effectively.

Windows Hardware Quality Labs: The Silent Guardian of Your Digital Experience

Have you ever installed a driver in your Windows OS from a third-party vendor and faced strange WHQL (Windows Hardware Quality Labs) errors? If the driver isn’t WHQL certified, you may encounter errors like “This app can’t run on your PC.” In the worst-case scenario, you might experience the Blue Screen of Death (BSOD), causing system crashes and displaying only a blue screen.

Milestone Progress: Accelerated Rating Rescans

Bitsight customers and their third-party partners are well on their way to gaining faster clarity on how their remediation efforts impact their Bitsight Security Ratings. In an effort to support organizations that use Bitsight to prioritize internal security work, we started a phased rollout of Dynamic Remediation, a new initiative that accelerates the rating refresh process and makes it more responsive to meaningful security remediations.

How DNS Spoofing Puts Your Data at Risk and How to Protect Yourself

In DNS spoofing, hackers modify the DNS records that direct web traffic so that users are sent to fraudulent websites that may seem legitimate. Basically, DNS is the internet's phone book. However, DNS can be tricked. In DNS spoofing, cybercriminals place false DNS records in the DNS server's cache, which then resolves names to, and directs users to, websites controlled by the attacker.

The High Cost of Security Investigations

Let’s start with an obvious statement, and then let’s dig into it. Security incident investigations are expensive. Period. Especially when multiple highly-skilled team members are involved. Every hour spent hunting down threats or false alarms carries a real dollar cost. Industry research shows that the fully-loaded labor rate for IT security staff averages about $62.50 per hour.

The Offensive Potential of Computer-Using Agents

Autonomous AI agents - known as Computer-Using Agents (CUAs) - are no longer science fiction! These systems can browse websites, interact with applications, and carry out tasks on their own. While intended to increase productivity, they can already be repurposed by threat actors for malicious use.