Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

You wake up to an unusual notification—a new device logged into your work email account overnight. But it’s not yours.

Open Source Intelligence (OSINT) is the backbone of modern cybersecurity investigations, helping analysts and law enforcement uncover threats, assess risks, and gather intelligence from publicly available sources. In this guide, we break down everything you need to know about OSINT, from key frameworks and tools to how it's used in cybersecurity.

As AI becomes an increasingly critical component in the digital supply chain, tech buyers are struggling to appropriately measure and manage their AI risk. Keeping tabs on emerging risk from the AI technology they use is hard enough. But often the most crucial AI business functions that organizations depend upon aren’t directly under their control or care, but instead are governed by the tech vendors that embed them into their underlying software.

With increased reliance on the cloud and data being today’s digital currency, cybercrime has become a pervasive threat that impacts individuals, businesses, and governments alike. Understanding the various types of cybercrime is essential for developing effective strategies to protect against these malicious activities.

This article provides details on how Bitsight TRACE addressed CVE-2024-23897, an arbitrary file read vulnerability that affects Jenkins, a well-known open-source automation server. It includes technical details, common pitfalls, and decisions made since the CVE disclosure until now. The investigation of CVE-2024-23897 is an example of how we can obtain the target instance version but not solely rely on it to classify an instance as vulnerable. First, we go deep to understand the vulnerability.

Cybersecurity compliance refers to the practice of adhering to laws, standards, and regulatory requirements established by governments and industry authorities. These compliance regulations are designed to protect a business’ digital information and information systems from cyber threats, including unauthorized access, use, disclosure, disruption, modification, or destruction.

Cyber security monitoring is the practice of continuously observing IT systems to detect cyber threats, data breaches, and other security issues. By helping to identify threats early, monitoring solutions can help to mitigate attacks faster and limit the damage they can do. Monitoring solutions may track activity on networks as well as endpoints like individual laptops, mobile phones, desktop computers, and IoT devices.

The Sarbanes-Oxley Act (SOX), enacted in 2002, is a U.S. federal law established to enhance corporate governance and strengthen the accuracy and reliability of financial reporting for publicly traded companies. SOX aims to protect investors and the public by enforcing stringent reforms to improve financial disclosures and prevent corporate fraud.

It’s every security manager's worst nightmare. A member of the IT department reaches to alert that malicious software has been detected on an internal network, and the hacker potentially has access to layers of sensitive data.