July 2, 2024 at 10:07AM The text discusses the need for a future-resilient approach to security, stressing the importance of challenging existing assumptions to strengthen security plans. It highlights the four categories for stress-testing assumptions: Referent, Affect, Interdependence, and Governance. The approach involves questioning fundamental assumptions to build resilience in the face of uncertain future … Read more
June 26, 2024 at 09:06AM “Snowblind,” a new malware targeting Southeast Asian banking apps, exploits the Linux security feature “seccomp” to isolate applications from detecting tampering, thwarting existing anti-tampering measures. This forces developers and security experts to adapt and find new strategies to counter such attacks, as traditional defense mechanisms become less effective against this … Read more
June 18, 2024 at 07:30AM Organizations are increasingly prioritizing investment in SaaS security, with 70% establishing dedicated teams and boosting budgets and headcount, according to the Cloud Security Alliance’s “2025 CISO Plans and Priorities” survey. The report highlights improved security capabilities but also challenges in achieving visibility into business-critical apps. The adoption of SaaS Security … Read more
May 23, 2024 at 10:08AM The commentary highlights the growing use of large language models (LLMs) and the associated security risks. An incident involving a compromised chatbot raises concerns about the potential exploitation of LLMs for extracting sensitive data. The author provides best practices for securing LLMs, emphasizing the need for proactive monitoring, hardened prompts, … Read more
May 21, 2024 at 11:07PM WitnessAI, a startup in artificial intelligence safety, emerged from stealth to address the barriers hindering organizations from adopting AI tools. Their Secure AI Enablement Platform offers observability, policy enforcement, and data protection for enterprises using AI. The platform, deploying cloud-based instances with unique encryption keys, has secured funding and plans … Read more
May 11, 2024 at 01:23PM Recent cybersecurity headlines emphasize the growing threat to critical infrastructure, including power lines, internet cables, and water control systems. Claroty CEO Yaniv Vardi predicts an increasing trend of physical and digital attacks, with three-quarters of critical infrastructure companies experiencing ransomware attacks last year. Vardi stresses the need for public-private cooperation … Read more
May 3, 2024 at 10:04AM The past two years have seen a rise in generative AI adoption across industries, creating security challenges. Apex, an AI security platform, aims to address this by providing visibility and enforcing security policies for AI activities. Founded in 2023, it has trials with Fortune 500 companies and received $7 million … Read more
March 28, 2024 at 08:03AM The text discusses the challenges of managing non-human identities in modern software development, highlighting issues such as hard-coded secrets, scalability challenges, compliance difficulties, and the neglect of security in the development process. It also provides best practices for securing non-human identities and introduces Entro, a tool for efficient secrets management … Read more
January 24, 2024 at 08:30AM Cloud-native applications and APIs have led to numerous data breaches, including with TeslaMate and Sumo Logic. Such incidents emphasize the need for organizations to prioritize cybersecurity basics, manage security tools, and address misconfigurations and credential misuse. Despite security challenges, the benefits of cloud-native environments are leading enterprises to embrace them, … Read more
January 2, 2024 at 11:12AM The evolving landscape of AI has presented significant challenges for CISOs and CIOs in crafting their 2024 plans. The rapid pace of AI innovation and its potential benefits raise the question of how to balance risk and opportunities. Stakeholders expect a clear strategy while dealing with the uncertainty of the … Read more