Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

API security is a pressing concern for industries undergoing digital transformation, and none more so than financial services and insurance.

AI has become a hot topic thanks to the recent headlines around the large language model (LLM) AI with a simple interface — ChatGPT. Since then, the AI field has been vibrant, with several major actors racing to provide ever-bigger, better, and more versatile models. Players like Microsoft, NVidia, Google, Meta, and open source projects have all published a list of new models. In fact, a leaked Google document makes it seem that these models will be ubiquitous and available to everyone soon.

An insecure direct object reference (IDOR) is a security vulnerability that occurs when a system’s implementation allows attackers to directly access and manipulate sensitive objects or resources without authorization checks. For example, an IDOR can arise when an application provides direct access to objects based on user-supplied input, allowing an attacker to bypass authorization.

Today, Bitsight and Diligent launched an extension of our partnership focused on correlated, independent, and comparable cyber ratings from Bitsight within Diligent’s Board Reporting for IT Risk. Streamlined data collection and standardized dashboards enable CISOs to deliver clear and consistent insights to the board leveraging Bitsight and Diligent solutions.

Cybersecurity leaders are always working to make smarter investments to improve their programs. Not only do they look to reduce risk from the expanding attack surface and manage supply chain risk, they’re also juggling external pressures from regulators, insurers, and shareholders. As leaders look to technology solutions to help, many look at data analytics to reduce their organization’s risk, manage exposure, and improve overall program performance.

You can know if your phone is hacked if you experience warning signs such as data usage being higher than normal, new apps you didn’t download, unusual or inappropriate pop-ups and more. Continue reading to learn about the warning signs that indicate your phone has been or is being hacked, and what you can do if you discover your phone has been hacked.

SOAR is dead. At first glance, that might be a bold statement, but the writing’s on the wall. While SOAR may have been a thing in the past, it’s not built for hybrid cloud adoption at enterprise scale. Cue, Torq Hyperautomation. Here are 5 reasons why SOAR is dead.

We often think of advanced persistent threats or APTs as threats primarily targeting governments for cyber espionage, but they could have just as much impact on the private sector. Oftentimes, both the techniques and the tooling used overlap between APTs and financially-motivated cybercriminals, and some APT groups themselves have taken to moonlighting as cybercriminals for profit.

On July 18th, 2023, Citrix disclosed a critical authentication bypass vulnerability affecting several versions of Citrix ADC and Citrix Gateway (CVE-2023-3519). The vulnerability was identified by independent security researchers, and was responsibly disclosed to Citrix. This vulnerability could allow a threat actor to execute arbitrary code on affected appliances and may also serve as an initial access vector for ransomware and other types of malicious campaigns.

1Password’s summer of passkey announcements continues!