Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cross-site scripting vulnerability found in Oracle Integration Cloud

In November 2023, while conducting a security assessment on a client’s instance of the Oracle Integration Cloud Platform, I discovered a medium severity vulnerability nestled within the handling of the “consumer_url” URL parameter. This flaw unveiled a Cross-Site Scripting (XSS) vector that could be exploited by a user with malicious intent.

How Can Deliberately Flawed APIs Help In Mastering API Security?

In our recent webinar titled 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training tools. In this blog post, we'll present a curated list of such APIs, each with its own unique set of characteristics.

Securing Data, Empowering Innovation: A Three-Part Approach for Future-Proofing Enterprises

In the first part of this blog series, we discussed the primary data security challenges identified as most significant for C-suite respondents from our executive research. In the ever-changing landscape of modern business, harnessing the full potential of data has become imperative for enterprises aiming to future-proof their operations. However, to truly unlock this potential, organisations must critically assess their approach to data security across three vital areas.

Vendor Risk Management Principles: A Strategic Guide For Security Managers

In today’s interconnected business environment, organizations rely heavily on third parties, and while third party relations are critical for success in most businesses, they also leave data more vulnerable to exposure from bad actors. This makes vendor risk management (VRM) a critical component of any company's overall risk management strategies. Effective VRM practices help protect sensitive data and maintain robust security postures, minimizing the potential risks introduced by vendors.

Bitsight Groma: Next-generation Internet Scanning

Earlier this year, we announced Bitsight’s next-generation internet scanning, Bitsight Groma, and AI-powered discovery and attribution technology, Bitsight Graph of Internet Assets (Bitsight GIA). While these technologies work as partners in the Bitsight Cyber Risk Data Engine to create a dynamic map of internet infrastructure, it is helpful to separate them out to understand their unique contributions.

Why Intelligent Content is the Key to Unlock the Potential of Data

In today's rapidly evolving digital landscape, organizations face the critical challenge of maintaining robust data security while ensuring seamless access and collaboration. As businesses become increasingly digitized, the volume of sensitive and confidential information shared across departments, with suppliers and partners, has skyrocketed. This digital transformation brings numerous benefits but also heightens the risk of data loss, leakage, and unauthorized exposure.

Monitor the security of your Snowflake instance with Datadog Cloud SIEM

Snowflake is a fully managed data platform that enables users to store, process, and analyze large volumes of data across their cloud environments. Recently, Datadog’s Security Research Team posted a threat hunting guide to help defenders ensure the security of their Snowflake instances.