If you’re a developer, devops or security engineer whose continuous integration (CI) systems rely on shared secrets for access management, you probably know firsthand the security risks that shared secrets present.

On February 14, 2023, Microsoft released a security advisory for CVE-2023-21716, a critical remote code execution vulnerability in Microsoft Word. While CVE-2023-21716 was deemed to be of critical severity, Microsoft assessed at the time of publication that the vulnerability was “less likely” to be exploited, and no proof-of-concept exploit was available. Microsoft also noted that the vulnerability may be exploited through the Preview Pane in Microsoft Outlook.

How an Account Takeover vulnerability, discovered during a routine customer engagement, became a candidate for responsible disclosure, via the Microsoft Security Research Center Researcher Portal.

It’s been three years since the California Consumer Privacy Act (CCPA) came into effect, marking improved security and data privacy for individuals both inside and outside of California. However, just because the law has been in effect, it doesn’t mean that all organizations are actively complying with the statutes.

Unlock with Okta has been available in public preview since February. Starting today, all 1Password Business customers can sign in to 1Password using Okta instead of their account password – and support for other SSO providers is coming soon.

Getting the basics right sounds simple enough, but it will demand a detailed focus.

Also known as “bossware” and even “employee surveillance”, employee monitoring has been placed in the bucket of technologies that companies force on their employees. Whatever you call it, its use is on the rise and it looks like it’s here to stay. As of 2022, 60% of companies use some kind of software to monitor employees. General productivity isn’t the only justification for implementing employee monitoring.