Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Okta 52-character username vulnerability has brought to light a significant security issue within the popular identity and access management (IAM) platform used by many enterprises worldwide. This vulnerability allows attackers to exploit a username constraint to bypass certain authentication checks, which could have severe implications for businesses relying on Okta’s services for secure user verification and access control.

Trustwave has been named a Leader in the IDC MarketScape: Asia/Pacific (APAC) Managed Security Services (MSS) 2024 Vendor Assessment (IDC, September 2024) and a Major Player in the IDC MarketScape: Asia/Pacific Professional Security Services 2024 Vendor Assessment (IDC, September 2024). "Trustwave is proud to be recognized as a Leader and a Major Player respectively by the IDC MarketScape in MSS and PSS across APAC", said Trustwave CEO Eric Harmon.

Data sharing for offshore testing, development, and other operational needs is often essential in the healthcare industry. Yet, laws governing Protected Health Information (PHI) make this challenging, as sending sensitive data outside the U.S. can introduce significant regulatory risks. To stay compliant, healthcare companies need solutions that can anonymize data without compromising its usability or accuracy.

On November 14, 2024, Palo Alto Networks disclosed five critical vulnerabilities in its Expedition configuration migration tool, a solution designed to simplify the migration of firewall configurations from third-party vendors to Palo Alto Networks’ PAN-OS infrastructure. These vulnerabilities—tracked as CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, and CVE-2024-9467—expose users to risks such as unauthorized access, data leakage, and system compromise.

As businesses increasingly turn to artificial intelligence (AI) to enhance innovation and operational efficiency, the need for ethical and safe implementation becomes more crucial than ever. While AI offers immense potential, it also introduces risks related to privacy, bias, and security, prompting organizations to seek robust frameworks to manage these concerns.

Fraud is a rampant threat to individuals and organizations worldwide and across all sectors. In order to protect against the dangers of fraud in its many forms, it is vital to stay in the loop on the latest fraud trends and the threat landscape. The Fraudscape 2024 report from Cifas, the UK’s Fraud Prevention Community, is an effort to share this information to help prevent fraud.

Cyberbiosecurity has emerged as an essential area of interest as the boundaries between the digital and biological sectors continue to blur. With rapid advancements in areas such as artificial intelligence, automation, and synthetic biology, the need for strong cyberbiosecurity protections has grown to safeguard the bioeconomy. As biotechnology evolves, it creates a complex landscape where breaches can have consequences far beyond typical cyber risks.

Organizations lose $16.2 million annually (up from $15.4 million) due to insider threats. Many businesses still can’t prevent these threats effectively. Malicious or negligent employees continue to risk sensitive data and systems despite strong external security measures. Security professionals must solve a big challenge – protecting against insider threats while keeping operations running smoothly.

Crypto staking platforms empower investors to earn passive income through participating in blockchain networks. In recent years, these platforms have evolved from simple validator nodes to sophisticated financial infrastructure, processing billions in staked assets. This shift represents a fundamental change in the cryptocurrency landscape as it moves from pure speculation to productive asset utilization.

Late last night, I received a notification from SecurityScorecard alerting me to a newly discovered vulnerability, Solarwinds, with potentially severe business implications for my organization. It’s now 6AM, and I’ve been up through the night, digging into the latest security research to fully assess the risk and scope of exposure. Thanks to SecurityScorecard’s real-time automated alert, I’m ahead of the situation and have already proactively briefed our CIO and executive team.