Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Each year, we revisit our risk rating system to ensure it best reflects the needs of security practitioners safeguarding their organizations and supply chains. For our recentupdate, we’ve made two closely related changes: we’ve recategorized some of our existing findings to make an organization’s risk profile more understandable and recalibrated our scoring algorithm to more clearly illustrate the impact of specific risks.

Humans are often regarded as the weakest link in a cybersecurity program. Whether resulting from manipulative cybersecurity tactics or limited cybersecurity awareness, human errors remain the most prevalent attack vectors in every information security program, no matter how sophisticated your cybersecurity stack may be.

Generative AI (Gen AI) has transformed how businesses handle data and automate processes. Its ability to generate human-like content and analyze massive datasets has unlocked new opportunities. However, these capabilities also introduce significant data security risks. Unauthorized access, data misuse, and breaches are growing concerns. Role-Based Access Control (RBAC) is a critical solution for mitigating these risks.

The main difference between Just-in-Time (JIT) access and Just Enough Privilege (JEP) is that JIT access focuses on how long access is granted, which is only on an as-needed basis. On the other hand, JEP focuses on what access is granted. Although both strategies minimize the risk of standing privileges, JIT access and JEP function in different ways with different priorities. Continue reading to learn more about JIT access, JEP, their key differences and how they work together in access management.

Each new PowerShell version introduces new features, performance enhancements, and security improvements. Upgrading empowers you to take advantage of these advancements. It also ensures compatibility with updated APIs, libraries, and frameworks and provides access to contributions from a vibrant community committed to knowledge sharing and best practices.

Imagine a seemingly minor misconfiguration in your cloud storage or an employee accidentally emailing a sensitive file to the wrong person. These incidents might seem trivial, but they can quickly snowball into a massive data breach, causing financial consequences. This scenario is a stark reminder of the importance of understanding and preventing data leaks. Data leaks are a threat to organizations, and developers can play a crucial role in preventing them.

We are fast approaching the end of (another) turbulent year for cybersecurity. Looking back, it's hard to believe that so much can happen in such a short time. As we finish up our work for the year, head home to our families, and prepare to close the book on 2024, it's worth considering what's next. And who better than Fortra's experts to offer insights into the year to come? Keep reading for expert predictions of cybersecurity in 2025.

California Governor Gavin Newsom’s recent veto of SB 1047, a proposed AI safety bill, has sparked a hot debate on the balance between innovation and regulation in the artificial intelligence (AI) space. California has over a dozen AI related bills that have been signed although this bill sought to establish rigorous safety testing requirements for large-scale AI models and introduce an emergency "kill switch" for situations where systems might become dangerous.

Compare compliance and risk management, including how they are similar but ultimately different, and learn important best practices for unifying these strategies.

As 2024 comes to a close, today, I’m reflecting on some of the key events and trends that shaped my offensive security research this year. From publishing my first book to writing regular blogs on some of cybersecurity’s hottest topics, each piece has contributed to a clearer understanding of the evolving digital landscape.