Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2024

Announcing Context Engine: Focus on the alerts that matter

Today, I’m delighted to announce the release of Jit’s Context Engine, which uses the runtime context of vulnerabilities to automatically prioritize the top security risks in our customers’ cloud applications. One of the defining challenges of product security is the overwhelming volume of alerts generated by code and cloud security scanners, which is especially painful when the majority of “issues” don’t pose any real security risk.

5 Types of Clone Phishing Attacks and Best Protection Strategies

Imagine: You get an email from your bank alerting you to a suspicious login attempt. It looks identical to their usual security notices, down to the logo and phrasing. You click the link to review the activity, log into your account—and unwittingly hand your credentials over to a cybercriminal. This is the reality of clone phishing.

Launching new domains view and enhanced policies for unprecedented control over attack surface data

We’ve recently announced a new Domains page and major improvements to existing capabilities for setting custom attack surface policies. These updates bring unprecedented control over attack surface data and enable organizations to seamlessly configure alerts for policy breaches based on their unique definition of risk, a feature unmatched by any other player in the EASM space. With the new Domains page and the major improvements to Attack Surface Policies, customers can benefit from.

Understanding Zero Trust Network Access and Why Needs It

As flexible working arrangements become increasingly common across every industry, companies need secure, dependable ways to grant remote employees online access to company data, services, and applications. Productivity in today’s highly digital business environment depends upon employees being able to access the systems and information they need for work when needed, from any location.

Integrate Identity and Access Management with HIPAA, NIST, GDPR and CCPA in Healthcare

The healthcare sector is a top target of cyber criminals eager to steal sensitive data and extort high ransoms. The key to thwarting costly attacks is to understand that identity is the new security perimeter. By implementing robust identity and access management (IAM), healthcare organizations can significantly enhance their security and cyber resilience. This article explains the role of IAM in healthcare and details the most pressing IAM gaps to address.

Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing

I have created a comprehensive webinar, based on my recent book, “Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing”. It contains everything that KnowBe4 and I know to defeat scammers. The evidence is clear – there is nothing better most people and organizations can do to vastly lower cybersecurity risk than to mitigate social engineering attacks. Social engineering is involved in 70% to 90% of all successful attacks.

Breach or Bluff: Cyber Criminals' Slippery Tactics

When the news first broke about a potential data breach at Ticketmaster, the details were murky. The Department of Home Affairs confirmed a cyber incident affecting Ticketmaster customers, but the extent of the breach and the veracity of the claims made by the hacker group ShinyHunters were unclear. As the story unfolded, it became evident that the breach was indeed real, and the personal details of millions of customers had been compromised.

Four Ways to Prevent Credential Theft and Credential-Based Attacks

When it comes to cybercrime, there are few tactics as useful and widespread as credential theft and the use of stolen credentials. In the 2023 breach of password management giant Okta, it was a set of credentials that jumpstarted the incident — threat actors hacked into an employee’s personal Google account, where they found an Okta customer service account had also been saved.