Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Microsoft Ignite 2023 was an eventful one, with many announcements across Microsoft’s AI Copilot capabilities. The biggest announcement, in our opinion, is that of Microsoft Copilot Studio, a low-code tool that allows professional and citizen developers to build standalone AI Copilots, as well as customize Microsoft Copilot for Microsoft 365.

As the times change and the threats evolve, financial institutions face relentless cyber threats from an ever-expanding number and variety of attack vectors. While individual resilience is important, the heavily interconnected nature of today’s financial services industry demands a unified approach to defense where all participants actively engage in Cyber Threat Intelligence (CTI) sharing for the greater good.

Researchers discover a new Russian hacking group, Rhysida ransomware threatens multiple sectors, and a new campaign targets public Docker Engine APIs.

When you collect and store information in a logical manner, you have a database. In modern uses of the word, a database often refers to the database management system (DBMS), which is a computer program that manages digital data. You use a database management system to interact with your stored data, so it's critical to implement security features that protect the DBMS and any data involved.

It's not uncommon in today's corporate world to see a creative marketer launching catchy security awareness campaigns, steering the entire company towards robust online safety practices. Elsewhere, job reviews increasingly assess how well employees are performing on the cybersecurity front. The shift in focus is clear. Organizations have come to understand that sophisticated tech tools aren't the ultimate solution. People are the weak spot.

On November 16, 2023, a significant security concern was published by Google's Threat Analysis Group (TAG). They revealed an alarming vulnerability in Zimbra Collaboration, a widely-used email hosting tool for organizations. This vulnerability, designated with an identifier, CVE-2023-37580, is a glaring example of a reflected cross-site scripting (XSS) issue. It allows malicious scripts to be injected into unsuspecting users' browsers through a deceptively simple method: clicking on a harmful link.

Processing valuable data has become an integral part of our daily lives. Any time you want to purchase anything, the bank manages the process to ensure the credentials match and you are authorized to purchase. That’s the most obvious example of an identity management system. Identity management encompasses a multifaceted set of strategies, policies, and technologies that collectively address identifying individuals and controlling their access to digital systems and information.

As a continuation of our ongoing series collecting predictions from our many subject-matter experts here at Netskope, we headed down the (metaphorical) corridor to the Threat Labs. We wanted to extract from them some threats and cyberattack-related predictions, based on what they are starting to see evolving in the landscape. We’ve got a great selection, covering generative AI, software supply chain, and social engineering. Strap in!

In this series, you’ll hear directly from Vanta’s own Security, Enterprise Engineering, and Privacy, Risk, & Compliance Teams to learn about the team’s approach to keeping Vanta secure. We’ll also share some guidance for teams of all sizes—whether you’re just getting started or looking to uplevel your operations. ‍ In this post, you’ll hear from Janiece Caldwell, Senior Operations Engineer on Vanta’s Enterprise Engineering Team. ‍

Clark County School District in Nevada, the fifth-largest school district in the United States, recently experienced a massive data breach. Threat actors gained access to the school district’s email servers, which exposed the sensitive data of over 200,000 students. The district is now facing a class-action lawsuit from parents, alleging it failed to protect sensitive personal information and take steps to prevent the cybersecurity attack.