November 12, 2024 at 10:29AM The joint Cybersecurity Advisory highlights increased exploitation of zero-day vulnerabilities in 2023 by malicious cyber actors compared to 2022, urging vendors and end-users to adopt security measures. Recommendations include implementing secure software development practices and timely patch management to mitigate risks associated with routinely exploited vulnerabilities. ### Meeting Takeaways #### … Read more
November 12, 2024 at 10:15AM Cybersecurity researchers warn of GoIssue, a tool for orchestrating large-scale phishing attacks on GitHub users by extracting emails from profiles. Marketed by a threat actor, it enables customized mass email campaigns, increasing risks of data theft and breaches. Additionally, a new two-step phishing attack uses compromised Microsoft files. ### Meeting … Read more
November 8, 2024 at 10:35AM The integration of DevSecOps aims to balance development speed with security, addressing challenges such as security training, complex tools, and alert management. Successful implementation involves understanding risk portfolios, automating security testing, continuous monitoring, and simplifying developers’ experiences, ultimately fostering collaboration for efficient, secure software delivery. **Meeting Takeaways: DevSecOps Implementation** 1. … Read more
October 23, 2024 at 11:53AM Research by Symantec reveals that several popular mobile apps expose hardcoded, unencrypted cloud service credentials, risking severe security breaches. Apps for both Android and iPhone include sensitive Amazon Web Services and Microsoft Azure credentials. This highlights the urgent need for improved security practices in mobile app development to mitigate such … Read more
April 26, 2024 at 12:37PM Government and security-sensitive firms are requiring software bills of material (SBOMs), listing components of applications. Attackers could exploit this information without sending packets. Larry Pesce warns that publicly accessible SBOMs can expose vulnerabilities. Yet, SBOMs aim to enhance software security, with 60% adoption expected by next year. Pesce advises using … Read more
April 15, 2024 at 11:06AM NightVision, a US-based startup founded in 2022, raised $5.4 million in seed funding from angel investors. The company focuses on application security testing, aiding in the identification and resolution of software security vulnerabilities early in the development lifecycle. Its technology simulates attacks, integrates with development workflows, and enables secure development … Read more
January 18, 2024 at 06:38AM The concept of “secure by design” is crucial in the face of increasing supply chain attacks, with a shift towards proactive security measures. The Cybersecurity and Infrastructure Security Agency (CISA) is pushing for this in software development practices, emphasizing collective responsibility. It involves building security into software from the ground … Read more
November 28, 2023 at 05:40AM The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre have released new guidelines for secure AI system development. The guidelines focus on building security into AI systems but do not impose any rules or regulations on the industry. The guidelines cover secure design, development, … Read more
November 27, 2023 at 06:02PM The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre have released Guidelines for Secure AI System Development. The guidelines provide an outline for building security into AI systems but do not impose regulations on the industry. The guidelines cover secure design, development, deployment, and … Read more
November 27, 2023 at 02:36AM The U.K., U.S., and 16 other countries have released guidelines for secure AI system development. The guidelines prioritize security outcomes, transparency, accountability, and secure design. The aim is to increase cybersecurity levels, address societal harms and privacy concerns, and allow vulnerability reporting through bug bounty programs. The guidelines cover secure … Read more