Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As cyber security threats proliferate, cyber risk conversations are no longer limited to the Security Operations Center (SOC); they command the attention of the C-suite and the boardroom. Ultimately, cyber-crime is a significant and prominent issue. The average cost of a data breach in the U.S. has soared to nearly $9.44 million this year. Since 2018, cyber insurance carriers report that incident-related claims increased by an astonishing 486%, the majority being ransomware-related.

Kubernetes has emerged as the de facto standard for container orchestration, enabling organizations to manage and scale their applications efficiently. However, with this increased adoption comes the need to address security concerns within Kubernetes environments. The following blog post will explore the concept of ignoring security findings as a means of prioritizing fixes effectively.

CIS IIS 10 Benchmark provides prescriptive guidance for establishing a secure configuration posture for Microsoft Internet Information Services (IIS) version 10. The benchmark provides guidance for establishing a secure configuration posture for IIS version 10. The benchmark is divided into two levels of security controls: Level 1 and Level 2. Level 1 provides a set of fundamental security measures that can be implemented with little or no impact on service availability.

CyberWire wrote: "Researchers at SlashNext describe a generative AI cybercrime tool called “WormGPT,” which is being advertised on underground forums as “a blackhat alternative to GPT models, designed specifically for malicious activities.” The tool can generate output that legitimate AI models try to prevent, such as malware code or phishing templates.

In the 1960s, Theodore Levitt published his now famous treatise in the Harvard Business Review in which he warned CEOs of being “product oriented instead of customer oriented.” Among the many examples cited was the buggy whip industry. As Levitt wrote, “had the industry defined itself as being in the transportation business rather than in the buggy whip business, it might have survived. It would have done what survival always entails — that is, change.”

The concept of privileged access management (PAM) has evolved over time, starting with the idea of role-based access control (RBAC) where permissions are assigned based on job roles. However, organizations soon realized that defining concrete roles for individuals was challenging due to the flexible and evolving nature of businesses. This led to the need for automating the access request process and empowering employees to self-serve and elevate their access based on their needs.

Imagine a world where IoT devices not only collect and transmit data, but also analyse, interpret, and make decisions autonomously. This is the power of integrating artificial intelligence in IoT (AI with the Internet of Things). The combination of these two disruptive technologies has the potential to revolutionize industries, businesses, and economies.

Manual code reviews provide a lot of value but are slow, error-prone, and don't scale. Automated testing can take a lot of pressure off review teams.

On June 20, 2023, Descope published research detailing how a combination of a flaw in Azure Active Directory and poorly integrated third-party applications — dubbed “nOAuth” — could lead to full account takeover. nOAuth is the latest in a large number of vulnerabilities and architectural weaknesses in Microsoft software and systems like Active Directory that can be exploited and put organizations at risk.

XDR and MDR are cybersecurity solutions to enhance an organization's threat identification and response capabilities. While both solutions target the same objective, they employ different approaches. MDR strengthens an organization's internal security team with external expertise, whereas XDR streamlines security architecture through a centralized dashboard and automation of tedious tasks.