Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Citizen developers, often without a formal background in programming, are harnessing the power of generative AI capabilities to create powerful business applications and automations in low-code/no-code platforms like Microsoft Power Platform, Salesforce, and ServiceNow. While this democratization of software development brings about numerous benefits, it also introduces a host of new cybersecurity risks that organizations must address to safeguard their sensitive data and maintain compliance standards.

This is a continuation of my interview with Scott Scheppers, chief experience officer for AT&T Cybersecurity, on the cybersecurity talent shortage. Scheppers points out that organizations have to pay attention to compensation when it comes to talent retention. “Good pay - don’t discount that. You need to be competitive and compensate people well, but that’s not the only thing that matters.”

DataTrails enables compliance and audit teams to eliminate the time-wasting and error-prone processes with our new solution. With the introduction of our Dropbox connector, there is a no-code solution that provides notarized evidence of your file’s metadata. Now you can capture legally admissible proof for your business with just a few clicks. To get started, set-up a free DataTrails account and connect it to Dropbox by following these instructions.

What do you need to become a successful bug bounty hunter? Most importantly: a hoodie. But qualities like professionalism, a growth mindset, and good communication skills count, too.

Businesses today leverage technology in almost all aspects of their operations because it enhances efficiency. However, this reliance on digital tools exposes them to cyber threats like an eavesdropping attack. Research says more than 37% of smartphones worldwide have become eavesdropping targets. That's a lot of mobile devices belonging to employees of many companies. So, understanding what an eavesdropping attack is and how to prevent it can save your organization from potential problems.

My new favorite company took center stage in iconic New York Times Square today with a multi-story high 3D visualization of our revolutionary secure access service edge (SASE) platform. It’s positively mesmerizing, take a look: The move signals a seismic shift happening across enterprises, the need to have an IT infrastructure that can easily adapt to anything at any time, and the transformative power of Cato’s networking and security platform.

On November 4, 2023, QNAP published security advisories for two critical command injection vulnerabilities impacting multiple versions of QNAP operating systems and applications related to the vendor’s network-attached storage (NAS) devices. Both vulnerabilities have been given critical CVSS scores (CVE-2023-23368: 9.8, CVE-2023-23369: 9.0) and both can lead to unauthenticated, remote threat actors executing commands if successfully exploited.

On November 2, 2023, SysAid was notified by Microsoft of a zero-day path traversal vulnerability allowing for remote code execution, which affects their on-premises ITSM solution. In the investigation conducted by SysAid, it was determined that the vulnerability was being actively exploited by a ransomware affiliate group known as Lace Tempest (DEV-0950), a group known for deploying the CL0P ransomware payload.

More decision-makers are investing in grid modernization efforts, knowing that doing so is necessary for keeping pace with modern demands. For example, smart grid fault-detection sensors could warn utility company providers of problems in real time, preventing costly and inconvenient outages. Technologies like the Internet of Things (IoT) can also improve stability. An IoT grid-monitoring approach allows authorized parties to oversee electrical infrastructure from anywhere.

As discussed in the previous blog, the insurance sector, like other financial institutions, face various unique cybersecurity challenges. Of primary concern is its responsibility for safeguarding sensitive customer data. This data has long been a prime target for cybercrime — a trend that has endured even as today’s IT landscape, and the threats against it, continue to evolve.