
Finding and fixing insecure direct object references in Python

An insecure direct object reference (IDOR) is an access control vulnerability that arises when an application uses a user-supplied identifier (an invoice number, a file name, a user id in a URL or form field) to look up an object and returns or modifies it without checking that the requester is authorized for that particular object. Because the reference is exposed directly and the check is missing, an attacker can simply change the identifier to reach other users' data.
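The following is an added example, not code from the original article: a minimal Python request handler with the IDOR described above, alongside two ways to close it. The `invoices` table, the user ids and the handler functions are constructed for illustration; the database is an in-memory SQLite store so the snippet runs offline.

```python
"""Added example (not from the original page): an IDOR in a Python request
handler and two fixes. The `invoices` table, user ids and handler names
are hypothetical and constructed for illustration."""
import sqlite3
from typing import Any, Callable, Dict


class NotFound(Exception):
    """Raised for both 'no such object' and 'not yours' (see get_invoice_fixed)."""


def make_db() -> sqlite3.Connection:
    # Constructed sample data: two invoices owned by two different users.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices ("
        "id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, amount_cents INTEGER NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [(1001, 7, 12_500), (1002, 8, 99_000)],
    )
    conn.commit()
    return conn


DB = make_db()


def parse_invoice_id(raw: str) -> int:
    # Strict parse of the client-supplied identifier. This is input validation,
    # not authorization: a well-formed id can still belong to someone else.
    if not raw.isdigit():
        raise NotFound(raw)
    return int(raw)


def _row_to_dict(row) -> Dict[str, Any]:
    return {"id": row[0], "owner_id": row[1], "amount_cents": row[2]}


def get_invoice_vulnerable(conn, current_user_id: int, invoice_id: int) -> Dict[str, Any]:
    # The query is parameterised, so there is no SQL injection, but the handler
    # never asks whether current_user_id may see this invoice: that is the IDOR.
    row = conn.execute(
        "SELECT id, owner_id, amount_cents FROM invoices WHERE id = ?",
        (invoice_id,),
    ).fetchone()
    if row is None:
        raise NotFound(invoice_id)
    return _row_to_dict(row)


def get_invoice_fixed(conn, current_user_id: int, invoice_id: int) -> Dict[str, Any]:
    # Fix 1: scope the lookup to the caller. Ownership is part of the query, so
    # there is no window in which the object is fetched but not yet checked.
    row = conn.execute(
        "SELECT id, owner_id, amount_cents FROM invoices WHERE id = ? AND owner_id = ?",
        (invoice_id, current_user_id),
    ).fetchone()
    # Same error for 'missing' and 'not yours', so an attacker iterating ids
    # cannot learn which invoices exist.
    if row is None:
        raise NotFound(invoice_id)
    return _row_to_dict(row)


def get_invoice_checked(conn, current_user_id: int, invoice_id: int) -> Dict[str, Any]:
    # Fix 2: fetch, then check. Use this shape when the object must be loaded
    # before the policy can be evaluated (shared objects, admin roles, ...).
    invoice = get_invoice_vulnerable(conn, current_user_id, invoice_id)
    if invoice["owner_id"] != current_user_id:
        raise NotFound(invoice_id)
    return invoice


def can_read(handler: Callable, conn, current_user_id: int, raw_id: str) -> bool:
    # Drives a handler the way a request would: parse the id, then authorise.
    try:
        handler(conn, current_user_id, parse_invoice_id(raw_id))
        return True
    except NotFound:
        return False


if __name__ == "__main__":
    # User 7 asks for user 8's invoice by editing the id in the URL.
    print("vulnerable:", can_read(get_invoice_vulnerable, DB, 7, "1002"))  # True
    print("fixed:     ", can_read(get_invoice_fixed, DB, 7, "1002"))       # False
    print("checked:   ", can_read(get_invoice_checked, DB, 7, "1002"))     # False
```

Two points worth noting from the example: a parameterised query protects against SQL injection but does nothing for IDOR, since the problem is a missing authorization decision rather than untrusted query text; and the hardened handlers answer "not found" for both a nonexistent invoice and one owned by someone else, so probing sequential ids does not reveal which objects exist.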

Diligent and Bitsight Partner to Increase Board Confidence in Cyber Risk Oversight

Today, Bitsight and Diligent launched an extension of our partnership focused on correlated, independent, and comparable cyber ratings from Bitsight within Diligent’s Board Reporting for IT Risk. Streamlined data collection and standardized dashboards enable CISOs to deliver clear and consistent insights to the board leveraging Bitsight and Diligent solutions.

Not all cybersecurity analytics are created equal: What CISOs should look for

Cybersecurity leaders are always working to make smarter investments to improve their programs. Not only do they look to reduce risk from the expanding attack surface and manage supply chain risk, they’re also juggling external pressures from regulators, insurers, and shareholders. As leaders look to technology solutions to help, many look at data analytics to reduce their organization’s risk, manage exposure, and improve overall program performance.

How To Know if Your Phone Is Hacked

Warning signs that your phone may have been hacked include data usage that is higher than normal, apps you did not install, and unusual or inappropriate pop-ups. Continue reading to learn about the warning signs that indicate your phone has been or is being hacked, and what you can do if you discover that it has.

Why Should Enterprises Care About APTs? Defend Against Chinese, Russian Cyber Espionage Hacking Groups and Other Nation-State Actors

We often think of advanced persistent threats or APTs as threats primarily targeting governments for cyber espionage, but they could have just as much impact on the private sector. Oftentimes, both the techniques and the tooling used overlap between APTs and financially-motivated cybercriminals, and some APT groups themselves have taken to moonlighting as cybercriminals for profit.

CVE-2023-3519: Critical Unauthenticated RCE Vulnerability in Citrix ADC and Citrix Gateway

On July 18th, 2023, Citrix disclosed a critical unauthenticated remote code execution vulnerability affecting several versions of Citrix ADC and Citrix Gateway (CVE-2023-3519). The vulnerability was identified by independent security researchers and was responsibly disclosed to Citrix. It could allow an unauthenticated threat actor to execute arbitrary code on affected appliances and may also serve as an initial access vector for ransomware and other malicious campaigns.

Using MFT to Solve Your Cloud Data Challenges: 5 Key Takeaways

As business operations evolve, securely moving data within the cloud is a growing concern, and transferring sensitive information into the cloud is another. Many organizations are caught between what worked with on-prem technologies and what cloud-based architectures require. Others have addressed these security challenges by implementing a Managed File Transfer (MFT) solution.