The major news in technology policy circles is this month’s release of the long-anticipated Executive Order (E.O.) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. While E.O.s govern policy areas within the direct control of the U.S. government’s Executive Branch, they are important broadly because they inform industry best practices and can even potentially inform subsequent laws and regulations in the U.S. and abroad.

Microsoft Ignite 2023 was an eventful one, with many announcements across Microsoft’s AI Copilot capabilities. The biggest announcement, in our opinion, is that of Microsoft Copilot Studio, a low-code tool that allows professional and citizen developers to build standalone AI Copilots, as well as customize Microsoft Copilot for Microsoft 365.

Since 2005, the Common Vulnerability Scoring System (CVSS) has been used to assess and communicate the severity of vulnerabilities in software. If you’re involved in cybersecurity, even if you’re not directly involved in managing vulnerabilities, you’ve probably come across CVSS designations like ‘critical’ or ‘high’ when referring to vulnerabilities in the industry.

As the times change and the threats evolve, financial institutions face relentless cyber threats from an ever-expanding number and variety of attack vectors. While individual resilience is important, the heavily interconnected nature of today’s financial services industry demands a unified approach to defense where all participants actively engage in Cyber Threat Intelligence (CTI) sharing for the greater good.

Researchers discover a new Russian hacking group, Rhysida ransomware threatens multiple sectors, and a new campaign targets public Docker Engine APIs.

It might be hard to remember, but around twenty years ago, Amazon was only known for one thing: selling books. But it’s grown up in the last two decades, encompassing multiple business verticals, and selling more than just books (especially convenient when you need garbage bags, a spatula, and holiday decorations all at the same time).

When you collect and store information in a logical manner, you have a database. In modern uses of the word, a database often refers to the database management system (DBMS), which is a computer program that manages digital data. You use a database management system to interact with your stored data, so it's critical to implement security features that protect the DBMS and any data involved.

It's not uncommon in today's corporate world to see a creative marketer launching catchy security awareness campaigns, steering the entire company towards robust online safety practices. Elsewhere, job reviews increasingly assess how well employees are performing on the cybersecurity front. The shift in focus is clear. Organizations have come to understand that sophisticated tech tools aren't the ultimate solution. People are the weak spot.

On November 16, 2023, a significant security concern was published by Google's Threat Analysis Group (TAG). They revealed an alarming vulnerability in Zimbra Collaboration, a widely-used email hosting tool for organizations. This vulnerability, designated with an identifier, CVE-2023-37580, is a glaring example of a reflected cross-site scripting (XSS) issue. It allows malicious scripts to be injected into unsuspecting users' browsers through a deceptively simple method: clicking on a harmful link.

If the holiday classic “How the Grinch Stole Christmas” was remade in 2023, the mean green guy might be played by an Internet bot. Sure, these bots may not come down your chimney and steal a tree or holiday dinner, but threat actors have designed them to help ruin retailer and consumer holiday shopping experiences. Trustwave SpiderLabs exposed how the two primary bot variants, Grinchbots and Freebie Bots, operate in the team's recent report.