As a continuation of our ongoing series collecting predictions from our many subject-matter experts here at Netskope, we headed down the (metaphorical) corridor to the Threat Labs. We wanted to extract from them some threats and cyberattack-related predictions, based on what they are starting to see evolving in the landscape. We’ve got a great selection, covering generative AI, software supply chain, and social engineering. Strap in!

In this series, you’ll hear directly from Vanta’s own Security, Enterprise Engineering, and Privacy, Risk, & Compliance Teams to learn about the team’s approach to keeping Vanta secure. We’ll also share some guidance for teams of all sizes—whether you’re just getting started or looking to uplevel your operations. ‍ In this post, you’ll hear from Janiece Caldwell, Senior Operations Engineer on Vanta’s Enterprise Engineering Team. ‍

Clark County School District in Nevada, the fifth-largest school district in the United States, recently experienced a massive data breach. Threat actors gained access to the school district’s email servers, which exposed the sensitive data of over 200,000 students. The district is now facing a class-action lawsuit from parents, alleging it failed to protect sensitive personal information and take steps to prevent the cybersecurity attack.

The major news in technology policy circles is this month’s release of the long-anticipated Executive Order (E.O.) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. While E.O.s govern policy areas within the direct control of the U.S. government’s Executive Branch, they are important broadly because they inform industry best practices and can even potentially inform subsequent laws and regulations in the U.S. and abroad.

It might be hard to remember, but around twenty years ago, Amazon was only known for one thing: selling books. But it’s grown up in the last two decades, encompassing multiple business verticals, and selling more than just books (especially convenient when you need garbage bags, a spatula, and holiday decorations all at the same time).

Based in Central New York, Systems East, Inc., is a finance, billing, and payment solution for commercial software products. Their software options differ from other finance payment options by their cross-system elements. The Systems East software provides one tool to manage multiple accounts and tasks. Systems East’s local success may be short-lived, however, because they’ve suffered a data breach—a big one.

The information stealers ecosystem continues to expand as we witness the ongoing maintenance and new capabilities in the latest stealers versions. 2023 was a good year for InfoStealers as they keep evolving along with exploiting the popular vulnerabilities from the last years to infiltrate targeted devices. InfoStealer malware has become increasingly widespread, new business models are being introduced and new detection evasion capabilities are being implemented.

Panoptica Cisco’s Cloud Application Security platform provides end-to-end lifecycle protection for cloud native application environments. It empowers organizations to safeguard their APIs, serverless functions, containers, and Kubernetes environments.

AWS Re:Invent in Las Vegas is just around the corner, Nov. 27th – Dec. 1st, 2023. Stop by to meet us at booth 1276 (Outshift by Cisco)! For over a decade, the worldwide cloud community has gathered at re:Invent, fostering connections, drawing inspiration, and envisioning groundbreaking innovations. And we’re excited to be there as well!

Since 2005, the Common Vulnerability Scoring System (CVSS) has been used to assess and communicate the severity of vulnerabilities in software. If you’re involved in cybersecurity, even if you’re not directly involved in managing vulnerabilities, you’ve probably come across CVSS designations like ‘critical’ or ‘high’ when referring to vulnerabilities in the industry.