Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyber threats are relentless, sophisticated, and growing. To stay ahead, you can no longer treat threat intelligence as an optional tool—it’s the backbone of a proactive, defense-ready strategy. Threat intelligence feeds bring crucial insights to security teams, from high-level trends to detailed indicators of compromise (IoCs). But no single feed can capture every potential threat. Threat landscapes evolve rapidly and adversaries employ diverse techniques and targets.

On October 12, 2024, Ivanti released fixes for CVE-2024-50330, a critical severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw allows Remote Code Execution (RCE) by an unauthenticated attacker.

As we discussed in the first article in this series, there are many Internet-exposed control systems, but they are very different from traditional IT systems and require a different security approach. With these systems being so critical and controlling processes that can potentially lead to loss of life if they fail, what is being done to tackle this issue? In this article I’ll dive into this and more, looking at.

PCI DSS is a set of requirements that is applied to every small and large organization that accepts, stores, processes, or transmits cardholder data. In particular, PCI DSS for SaaS companies is essential, as these platforms frequently handle sensitive customer information and must adhere to the latest security standards. In 2024, the updated version of PCI DSS 3.2.1, PCI DSS v4.0, became mandatory after being officially released on March 31, 2022, allowing organizations a transition period.

You may be relieved to know that more and more companies are offering ways to log in to our accounts or save our credentials without having to remember hundreds of passwords. The benefit for us is that we can easily log in to our accounts without resetting forgotten passwords, and our accounts are more secure than ever with more advanced ways to access them. One way we can access our accounts securely is face ID, but many people are concerned about this new technology. Is face ID safe? Is it secure?

There’s no doubt that API security is a hot topic these days. The continued growth in API-related breaches and increase in publicized API vulnerabilities has pushed API security to the top of CISO’s lists. The tools in the market for API security still have room for improvement, of course. One of the challenges security practitioners face with APIs is understanding the context in which an attack took place.

How often are you surprised by a threat or vulnerability from a software asset you never knew existed? For many companies, the answer is, “More often than we’d like.” This is because you can’t protect what you can’t see. Full visibility across the entire software supply chain is a must for AppSec teams, but this comprehensive view across the attack surface can be elusive.

Today, we announced the exciting news that Snyk has acquired Probely, a fast-growing modern provider of API Security Testing and Dynamic Application Security Testing (DAST). With this addition, Snyk now offers a full range of development and application security solutions, with customers immediately benefiting from a broader range of developer friendly testing techniques.

Elastic Security 8.16 is now available, advancing our mission to streamline security workflows with enhanced data accessibility and AI-driven analytics. Key updates include agentless onboarding for faster cloud security posture management (CSPM) and asset discovery; expanded integrations with Wiz, AWS Security Hub, and Falco for contextualized threat detection; custom knowledge sources for Elastic AI Assistant; and improved support for locally hosted large language models (LLMs).

Security service edge (SSE) is an infrastructure modernization project CIOs, Infrastructure and Operations (I&O), and Networking leaders should have firmly on their radar. A new study from Forrester Consulting assesses the potential business value and benefits of Netskope One SSE. The research discovered that all of the top three benefits (which combine to account for 63.5% of the total economic impact of Netskope One SSE) related to network, infrastructure and operations.