Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Nauzer Gotla Lightning Interview

Welcome to the first installment of Riscosity’s Lightning Interview Series. We'll be sitting down with industry leaders for informative and to-the-point conversations. In this episode, we chat about the present and future of internal audit and data security with Nauzer Gotla, Vice President of Internal Audit at Nextracker (NASDAQ:NXT), a dominant player in solar tracking solutions with revenues north of $2.5B.

Identity Fraud and the Cost of Living Crisis: New Challenges for 2024

Fraud is a rampant threat to individuals and organizations worldwide and across all sectors. In order to protect against the dangers of fraud in its many forms, it is vital to stay in the loop on the latest fraud trends and the threat landscape. The Fraudscape 2024 report from Cifas, the UK’s Fraud Prevention Community, is an effort to share this information to help prevent fraud.

Cyberbiosecurity: Where Digital Threats Meet Biological Systems

Cyberbiosecurity has emerged as an essential area of interest as the boundaries between the digital and biological sectors continue to blur. With rapid advancements in areas such as artificial intelligence, automation, and synthetic biology, the need for strong cyberbiosecurity protections has grown to safeguard the bioeconomy. As biotechnology evolves, it creates a complex landscape where breaches can have consequences far beyond typical cyber risks.

How to Prevent Insider Threats: Implementing Least Privilege Access Best Practices

Organizations lose $16.2 million annually (up from $15.4 million) due to insider threats. Many businesses still can’t prevent these threats effectively. Malicious or negligent employees continue to risk sensitive data and systems despite strong external security measures. Security professionals must solve a big challenge – protecting against insider threats while keeping operations running smoothly.

Crypto Staking Platforms: Overview, How it Works, & Risks

Crypto staking platforms empower investors to earn passive income through participating in blockchain networks. In recent years, these platforms have evolved from simple validator nodes to sophisticated financial infrastructure, processing billions in staked assets. This shift represents a fundamental change in the cryptocurrency landscape as it moves from pure speculation to productive asset utilization.

A Day in the Life of a CISO - Addressing an Urgent Security Threat

Late last night, I received a notification from SecurityScorecard alerting me to a newly discovered vulnerability, Solarwinds, with potentially severe business implications for my organization. It’s now 6AM, and I’ve been up through the night, digging into the latest security research to fully assess the risk and scope of exposure. Thanks to SecurityScorecard’s real-time automated alert, I’m ahead of the situation and have already proactively briefed our CIO and executive team.

A Day in the Life of a CISO - Presenting to the Board Chairman

It’s 7:30 AM when I check my inbox, and right at the top is an urgent email from Alex, our Chairman of the Board: “I need an update on how we’re stacking up against our competitors on security.” Not just a quick overview—he’s asking for specifics on how our cybersecurity posture compares to our peers, the improvements we’ve made, and a detailed look at our progress since our last board meeting.

Take Control with Torq's AI Data Transformation

Data interoperability is the backbone of building reliable and efficient hyperautomated workflows. However, manipulating and formatting massive amounts of data from various sources — especially in complex JSON files — can feel overwhelming and consume significant time and resources, particularly for those still gaining technical expertise. Teams often lack or have maxed out dedicated resources to wrangle this data.

CVE-2024-10524 Wget Zero Day Vulnerability

While researching CVE-2024-38428 in GNU’s Wget, our team found a new 0-day vulnerability. The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks – including phishing, SSRF, and MiTM. These attacks can have severe consequences such as resource restriction bypass and sensitive information exposure. Upon discovering this vulnerability, our team responsibly disclosed it to the Wget maintainers. A patch was released on November 11 and is included in Wget 1.25.0.

Why SASE vs SSE misses the point for IT leaders

As high-profile breaches dominate headlines and decimate share prices, demonstrating your ability to protect client data has become the latest IT imperative getting boardroom attention, along with a host of new analyst and vendor-created labels for the ‘perfect’ solution. We want to help those who are short on time and resources cut through the bewildering landscape of buzzwords and gold standards by offering some practical, vendor-agnostic advice on where best to start and how to get the biggest wins in reducing their firms' exposure to risk.