Dec 6th, 2023 - With the rapidly evolving threat landscape and complexity of interconnected applications, identifying real, business-critical application risks is more challenging than ever. Application security teams need a better solution than their current siloed tools and ad hoc processes can provide. Application security testing (AST) and software supply chain security (SSCS) tools have solved the vulnerability detection problem, but lack the broader business and application context. This makes it ... [Read More]
Dec 6th, 2023 - NIST Cybersecurity Framework Update – Adding the Sixth Pillar: Almost 10 years ago, the National Institute of Standards and Technology (NIST) released their five-pillar Cybersecurity Framework (CSF). The purpose of the framework was to "help organizations understand, reduce and communicate about their cybersecurity risk". But with changes in the cybersecurity landscape and climate, they felt it was necessary to add a sixth pillar. Now not only does it better address how the cybersecurity ... [Read More]
Dec 6th, 2023 - Since the introduction of ChatGPT in November 2022, generative artificial intelligence (AI) has taken the world by storm. This new era of AI uses large language models (LLM) to translate human language into useful machine results – and the outcomes are powerful. With generative AI, organizations can accelerate an employee's ability to gather, organize, and communicate information. They can deliver greater automation for language-related and mundane tasks, freeing employees to focus on ... [Read More]
Dec 6th, 2023 - By Joe Ariganello, VP of Product Marketing. Joe is the VP of Product Marketing at MixMode. He has led product marketing for multiple cybersecurity companies, with stops at Anomali, FireEye, Neustar and Nextel, as well as various start-ups. Originally from NY, Joe resides outside Washington DC and has a BA from Iona University. In today's changing threat landscape, organizations are exposed to a wide range of cyber risks that can jeopardize the security of their digital assets and sensitive ... [Read More]
Dec 6th, 2023 - Cybersixgill, a cyber threat intelligence data provider, announced today new features and capabilities that take security teams' threat detection and mitigation efforts to new levels, helping them identify and mitigate vulnerabilities and detect and stop threats more quickly and effectively than ever before. Cybersixgill's new Identity Intelligence module enables centralized monitoring analysis of an organization's compromised emails and accounts, helping threat hunters and analysts proactively ... [Read More]
Dec 6th, 2023 - A substantial 78% of CISOs have expressed concerns about the current unmanageability of application security (AppSec) attack surfaces, emphasizing the need for improvement. The figure comes from Application Security Posture Management (ASPM) firm Cycode's inaugural The State of ASPM 2024 report. The research, drawn from a survey of 500 US CISOs, AppSec Directors and DevSecOps team members, underscores the existing challenges in AppSec. The report revealed a significant ... [Read More]
Dec 5th, 2023 - In a time when advancements in technology rule these days, the constant risk of cyber attacks hangs over businesses all over the world. As part of the 'Mind of the CISO: Behind the Breach' project, Trellix recently performed research. This study highlighted the difficulties Chief Information Security Officers (CISOs) encounter during cyber attacks. This blog explores the struggles of companies with recurring cyber threats and looks into the critical role of Security Auditing and ... [Read More]
Dec 5th, 2023 - Everyone talks about cyber resilience, it's a term frequently thrown around. From regulators across all continents to vendors, who don't refrain from showcasing the awesomeness of their 'resilient' products in many ways and forms. I delved deep into the realm of cyber resilience, or in other words, the art of building trustworthy systems, in November 2019 when my boss gave me a call to inform me about an exciting new publication from the US National Institute of Standards and Technology (NIST) ... [Read More]
Dec 4th, 2023 - Further validating how brittle the security of generative AI models and their platforms are, Lasso Security helped Hugging Face dodge a potentially devastating attack by discovering that 1,681 API tokens were at risk of being compromised. The tokens were discovered by Lasso researchers who recently scanned GitHub and Hugging Face repositories and performed in-depth research across each. Researchers successfully accessed 723 organizations' accounts, including Meta, Hugging Face, Microsoft, ... [Read More]
Nov 30th, 2023 - I have been having a lot of discussions recently about what is going on with the CISO profession, so I wanted to take a minute and share some insights from these conversations. We talk about the CISO role, but in reality, there are a diverse set of missions that define how the cybersecurity leader for an organization functions (note that I use 'CISO' and 'senior cybersecurity leader' interchangeably). That mission will determine where a CISO sits in the reporting hierarchy of the company and ... [Read More]