Regain Visibility & Control with a Cloud-Delivered SASE Platform
Hear Netskope experts discuss recent innovations from Netskope and the vision for a SASE future.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
The Role of AI in Your Governance, Risk and Compliance Program
In today’s rapidly evolving business landscape, organizations face an ever-increasing array of risks and compliance challenges. As businesses strive to adapt to the digital age, it has become imperative to enhance their Governance, Risk Management, and compliance (GRC) strategies. Fortunately, the fusion of artificial intelligence (AI) and GRC practices presents a transformative opportunity.
Piecing Together the Attack on Okta's Support Unit
The October 2023 Okta breach is the latest example in a long line of third-party identity attacks. Based on reports to date, it seems that the attack on Okta’s support case management system enabled a threat actor to launch downstream attacks into other companies. So far, 1Password, BeyondTrust and Cloudflare have publicly confirmed they were targeted. Such attacks don’t discriminate and pointing fingers is unproductive.
OAuth security gaps at Grammarly (now remediated)
This short video explains how Salt Labs researchers identified several critical security flaws on the popular site - Grammarly. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user. All issues were reported to Grammarly and have been resolved with no evidence of these flaws being actively exploited in the wild. In the research, they also found similar vulnerabilities in Vidio.com and Bukalapak.com.
How To Protect Your Financial Accounts Online
You can protect your financial accounts online by using strong passwords, updating your software, avoiding suspicious links and attachments, reducing your digital footprint and turning on financial alerts. Protecting your financial information is important to prevent identity theft and credit card fraud from happening to you. Identity theft can be emotionally draining and leave you financially bankrupt.
Enforcing Least Privilege Mitigates Identity Provider Takeover Attacks
Single Sign-On (SSO) solutions are designed to provide seamless access to important resources for employers and contractors at millions of organizations worldwide. By enabling only one point of access for all the applications a user needs to perform their job, SSO has become ubiquitous for enterprises to streamline operations.
Understanding PCI DSS v4.0
The Payment Card Industry Data Security Standard (PCI DSS) are commonly followed by organizations that handle credit card transactions to ensure the security of cardholder data. Since standards and requirements can change over time, it’s essential to refer to the most recent version of the PCI DSS v4.0 standard for the most up-to-date information. PCI DSS v4.0 was updated in April 2022. The description of the updated change from PCI DSS v3.2.1 to PCI DSS v4.0 states.
Navigating the Complex AI Regulatory Landscape - Transparency, Data, and Ethics
Ahead of the upcoming AI Safety Summit to be held at the UK’s famous Bletchley Park in November, I wanted to outline three areas that I would like to see the summit address, to help simplify the complex AI regulatory landscape. When we start any conversation about the risks and potential use cases for an artificial intelligence (AI) or machine learning (ML) technology, we must be able to answer three key questions.
Arbitrary File Creation vulnerability in plexus-archiver - CVE-2023-37460
The JFrog Security research team constantly monitors open-source projects to find new vulnerabilities or malicious packages and share them with the wider community to help improve their overall security posture. As part of this effort, the team recently discovered a new security vulnerability in plexus-archiver, an archive creation and extraction package.
Radiology and Oncology Clinic, Akumin, Suffers Ransomware Attack
Akumin is a radiology and oncology clinic based in Florida with multiple locations. Last week, three of their South Florida locations shut down their computer systems to hobble a ransomware cyberattack. The downtime significantly impacted the three clinics, as the doctors could not complete patient assessments. Recent patients in the area should consider protective monitoring services to help mitigate potential outcomes from the attack.