In the previous blog of this series, we unpacked the foundational concepts of encryption at rest and introduced you to Elastic Cloud’s “bring your own key” (BYOK) feature, which allows you to do encryption at rest with encryption keys managed by the KMS service of your cloud provider.

Modern IT infrastructure is comprised of various interconnected network components that make communication and resource sharing possible throughout your organization. Whether securing sensitive data, facilitating collaboration, or simply ensuring uninterrupted access, a network of devices is at play—and the elements of these devices are critical to a business’s successful operation.

A critical flaw in Hotjar that combines XSS with OAuth putting millions of websites at risk, exposing user data and risking account takeovers. Hotjar, a trusted product experience insights platform used by over a million websites, including global brands like Adobe and Microsoft, offers powerful behavior analytics and feedback tools. These include Heatmaps, Recordings, Surveys, and Feedback, which help product teams understand user behavior and improve user experience (UX).

The NIS2 Directive is the European Union’s flagship cybersecurity law, poised to significantly strengthen cyber defenses across the EU when it takes effect on 17 October 2024. This upgraded version of the 2016 NIS Directive (NIS1) not only introduces stricter rules but also broadens its reach, covering more sectors and businesses, ensuring comprehensive protection and a stronger security posture.

In this blog, we are going to take a closer look at the concept of Fuzzing, using Go, and how to integrate it into your CI/CD pipeline. As a quick primer, Fuzzing is an automated testing technique that involves feeding random, unexpected, or invalid data to a program or API to uncover bugs and vulnerabilities. The core idea is to expose the program to inputs that developers may not have anticipated, thereby revealing flaws such as crashes, memory leaks, and security vulnerabilities.

Read also: A Coinbase hacker jailed for a $900K crypto scam, a North Korean hacker indicted for ransomware attacks on hospitals, and more.

AI adoption continues to move at a breakneck speed for businesses across the globe, as shown in a Coatue report comparing AI adoption to early internet adoption and found that AI growth is happening at two times the speed of the former.

1Password Business customers can now integrate with Google Identity Platform using OpenID Connect (OIDC). Doing so brings all the benefits of integrating 1Password with your IdP: streamlined access, unified security policies, and improved auditing, compliance, and reporting workflows.

In the fast-paced world of modern software development, grasping the full scope of an application is essential for managing an application security program. This entails having visibility into all the application assets involved in building the app, knowing their ownership, and understanding their importance to the development process and the broader business.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! I wondered when I would hear knives being sharpened.