Protect your clouds

December 6, 2024 at 04:18AM The 2024 IBM Cost of the Data Breach Report reveals that 40% of data breaches from March 2023 to February 2024 involved data stored in multiple environments, including the cloud. SANS offers best practices to help safeguard your cloud infrastructure effectively. …

Misconfigured WAFs Heighten DoS, Breach Risks

December 3, 2024 at 05:39PM Many organizations using CDN-provided WAF services are misconfiguring them, exposing back-end servers to direct attacks. This affects nearly 40% of Fortune 100 companies, including major brands. Researchers found that inadequate request validation and lack of security best practices are primary causes of this widespread vulnerability, making servers accessible to Internet …

Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

November 9, 2024 at 02:12AM Palo Alto Networks issued an advisory addressing a potential remote code execution vulnerability in the PAN-OS management interface. Users are urged to secure access and follow best practices to mitigate risks. Additionally, a critical flaw (CVE-2024-5910) in the Expedition tool has been added to CISA’s KEV catalog, with active exploits …

AWS, Azure auth keys found in Android and iOS apps used by millions

October 22, 2024 at 04:23PM A report by Symantec reveals that numerous mobile apps for iOS and Android contain hardcoded, unencrypted cloud service credentials, risking user data exposure. This vulnerability, stemming from poor development practices, could allow unauthorized data access. Developers are urged to adopt best practices to safeguard sensitive information in apps. …

Generative AI Security: Getting ready for Salesforce Einstein Copilot

September 24, 2024 at 10:30AM The article discusses the rollout of Salesforce Einstein Copilot, an AI assistant that aims to revolutionize interactions within the CRM tool. It covers the functionalities of Einstein Copilot, its security model, processing model, and the shared responsibility model for data security. Additionally, it provides best practices for preparing Salesforce Orgs …

The AI Wild West: Unraveling the Security and Privacy Risks of GenAI Apps

September 5, 2024 at 10:24AM The use of Generative AI in workplaces is widespread, with about a quarter of employees using or having tried it. Research on 1,000 enterprise employees revealed that once users start using GenAI, they heavily engage with an average of 8.25 apps per month. Content creation is the dominant use case, …

Human Nature Is Causing Our Cybersecurity Problem

August 19, 2024 at 10:07AM Cyberattacks have become the biggest threat to businesses, despite significant consequences. The human tendency to procrastinate, known as temporal discounting, leads to the delay in adopting modern security practices. Governments can combat this by enforcing penalties and regulations, similar to the automotive and food safety industries. Furthermore, guidance like automatic …

8 Strategies for Enhancing Code Signing Security

March 22, 2024 at 10:04AM Code-signing best practices are crucial for fostering trust in the development process and enhancing software supply chain security. The key takeaway from the meeting notes is the importance of strong code-signing best practices in establishing trust in the development process and enhancing the security of the software supply chain. Full …

NIST updates Cybersecurity Framework after a decade of lessons

February 27, 2024 at 01:50PM NIST has released version 2.0 of its Cybersecurity Framework (CSF), expanding its scope to offer security tips for all organizations. Newly introduced resources include quick-start guides, implementation examples, and a new core risk management function called “govern.” NIST plans to continue enhancing the framework and encourages users to share feedback …

Saudi Aramco CEO Warns of New Threat of Generative AI

November 2, 2023 at 01:43PM The CEO of Saudi Aramco warned that the energy sector is vulnerable to attacks, especially with the introduction of new technologies like generative AI. Amin H. Nasser emphasized that any disruption to the global energy supply would have significant consequences. He stressed the need for assessing these technologies and addressing …