
Latest Posts

CIO POV: Impactful AI Programs Start with 'Why'

Generative AI (GenAI) has the power to transform organizations from the inside out. Yet many organizations are struggling to prove the value of their GenAI investments after the initial push to deploy models. “At least 30% of GenAI projects will be abandoned after proof of concept by the end of 2025, due to poor data quality, inadequate risk controls, escalating costs or unclear business value,” according to Gartner, Inc.

North Korean Hackers Target Software Developers With Phony Coding Tests

Researchers at ReversingLabs warn that North Korea’s Lazarus Group is targeting software developers with phony job interviews. The threat actors are posing as employees of major financial services firms and sending coding assessment tests as part of the interview process. Our team recently recorded a webinar that covers this exact topic, as our cybersecurity experts discuss how we spotted the red flags and stopped it before any damage was done.

Detect and Defend: 5 Tips for Guarding Against Insider Threats

Not every cybersecurity threat originates outside of the organization. External threats tend to receive more attention, but an IBM report shows that a breach caused by an insider threat can carry an even higher cost. In fact, malicious insider attacks cost an average of $4.99 million despite accounting for just 7% of breaches. That makes them the most expensive breach vector in the report.

5 Zero Trust Remote Access Solutions Your IT Team Needs to Know

In the past, organizations could control how, when, and where their employees accessed sensitive data. Now, in the age of hybrid and remote work, employees can connect to company networks from any location over nearly any device. Safeguarding data while granting employees the access they need is a delicate balance. That’s where zero trust remote access solutions come into play.

CVE-2024-38812: Critical RCE Vulnerability Fixed in VMware vCenter Server and Cloud Foundation

On September 17, 2024, Broadcom released fixes for a critical vulnerability impacting VMware vCenter Server and Cloud Foundation, tracked as CVE-2024-38812. This vulnerability is a heap-overflow flaw in the implementation of the DCERPC protocol that a remote attacker can use to send specially crafted network packets to vCenter Server, potentially leading to Remote Code Execution (RCE).

CISA KEV performance in the Financial Sector

As a security data nerd I am absolutely spoiled here at Bitsight. So much so that I have to stop myself from doing little projects and requests so I can dive into the “big” stuff. So it is always refreshing when folks see a piece of research and decide “hey can you give me more information on my little corner of the world.” Then of course I can throw off those notions of “stopping” and just dive back in.

Transforming security operations with Workbench

Enterprise data consolidation and access have long posed significant challenges in the Security Operations Center (SOC). They often hinder security teams from effectively investigating and taking action on the vast amounts of data they are tasked with protecting. Traditional security tools frequently operate in isolation, lacking the compatibility to create a cohesive data strategy.

NESA Standard Ensures Security of UAE's Cyberspace

To allay dependence on oil revenue and expand the private sector, the United Arab Emirates (UAE) has committed, in recent years, to establishing a knowledge-based economy. Consequently, they have become a formidable competitor in Information Communication Technology (ICT). As the ICT industry has grown, so have government agencies to regulate it, namely the Signals Intelligence Agency, formerly known as (and often still referred to as) the National Electronic Security Authority (NESA).

Inside the Cloud: Unintended Privileges

This is the third article in a series about cloud-based attack vectors. Check out our last article about Cloud-Based ransomware! As Identity Access Management (IAM) becomes more complex, it becomes possible for an attacker to exploit the capabilities of legitimate permissions alone or in combination, escalating privileges and gaining potentially devastating levels of access. Because these privileges are legitimate, these attacks can be difficult to detect until the damage is already done.

Introducing Astra OrbitX: Continuous Security at Scale

Engineering leaders are stretched thinner than ever, racing to deliver innovative products and scale operations while securing a complex digital ecosystem across the increasing perimeter of code, DevOps, compliance, and more. Remember the infamous MOVEit attacks that compromised nearly 2,000 organizations, from BBC and Harvard to local government agencies? Over 67 million individuals were affected, underscoring the devastating consequences of such breaches.