Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security teams know, bug bounty hunters, and ethical hackers know it: Large attack surfaces are hard to manage. In this day and age, if you’re a medium-large organization without a comprehensive External Attack Surface Management (EASM) program in place, there’s a pretty good chance that you have some hosts on the Internet that you’re not aware of. Despite this, the concept of EASM is still new to many.

Small business owners have a ton of things to worry about, but cybersecurity should always remain a top concern. Why? The Allianz Risk Barometer lists cyber incidents as the number one business risk in 2022, ranking it higher than the shortage of skilled workers, complications from the pandemic outbreak, and natural disasters.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. To be honest, I’m surprised they still have any customers left. Yet another breach at T-Mobile ….

For the next interview in our series speaking to technical leaders from around the world, we’ve welcomed Matt Polak, CEO and Founder at Picnic Corporation. Matt Polak is a subject matter expert in intelligence collection, having spent his career applying these skills to intractable growth and competitive strategy challenges for Fortune 500 customers.

Having effective enterprise cybersecurity is more than having your employees create a password that isn’t their pet’s name—unless perhaps their cat’s name is at least 12 characters long, and a combination of upper- and lower-case letters and symbols. Whether it’s well-researched spearphishing attempts or bypassing MFA, threat actors have only become more daring.

Recently, we announced that 1Password Business customers will soon be able to unlock 1Password with Okta.

ChatGPT is an artificial intelligence chatbot created by OpenAI, reaching 1 million users at the end of 2022. It is able to generate fluent responses given specific inputs. It is a variant of the GPT (Generative Pre-trained Transformer) model and, according to OpenAI, it was trained by mixing Reinforcement Learning from Human Feedback (RLHF) and InstructGPT datasets. Due to its flexibility and ability to mimic human behavior, ChatGPT has raised concerns in several areas, including cybersecurity.

With attackers constantly developing new tactics to compromise credentials and data, it is increasingly important to monitor critical systems such as Active Directory (AD) for signs of malicious activity. Many organizations turn to security information and event management (SIEM) products for help.

Once an attacker establishes a foothold in your Active Directory (AD) domain, they begin looking for ways to achieve their final objective, such as to sensitive data on file servers or in databases, spread ransomware or bring down your IT infrastructure. To do so, they must first gain additional access rights — ideally, membership in highly privileged groups like Domain Admins. BloodHound Active Directory helps them find paths to do just that.