AI Configuration Best Practices to address AI Security Risks

December 4, 2024 at 11:13PM
AI adoption is increasing among organizations for productivity and new business opportunities, but security often lags behind. The article outlines AI security risks, including prompt injection and model theft, suggesting best practices to mitigate these risks, such as configuring sensitive information filters and disabling public access to AI resources. …

Cyber-Unsafe Employees Increasingly Put Orgs at Risk

December 3, 2024 at 01:45PM
A survey of over 14,000 employees reveals risky behaviors regarding sensitive data access. Eighty percent use unsecure personal devices, while 40% download customer data without controls. Many also reuse passwords and bypass security policies. Increased use of AI tools raises concerns, as compliance with data handling guidelines is low. Meeting …

API Security Matters: The Risks of Turning a Blind Eye

October 31, 2024 at 07:00AM
The article discusses the tendency in the security field to overlook crucial security issues for convenience. It emphasizes the potential risks associated with neglecting API security and highlights the importance of addressing these challenges. **Meeting Takeaways:** 1. **Security Compromise Risks**: There is a tendency within the security field to overlook …

Navigating Endpoint Privilege Management: Insights for CISOs and Admins

September 10, 2024 at 10:47AM
Summary: Endpoint privilege management (EPM) is crucial for cybersecurity, aiming to reduce attack surfaces and insider threats. EPM offers pros like enhanced compliance and improved incident response, but also brings cons such as operational overhead and user productivity impact. The debate over granting administrative rights to end users persists, emphasizing …

Creating Insecure AI Assistants With Microsoft Copilot Studio Is Easy

August 7, 2024 at 02:27PM
Enterprise usage of Microsoft’s Copilot Studio, a no-code chatbot creation tool, has surged within nine months of its release. However, security researcher Michael Bargury highlighted serious security vulnerabilities that could lead to data exfiltration and bypassing controls. Despite Microsoft addressing some issues, careful implementation and admin controls are essential to …

Generative AI Security – Secure Your Business in a World Powered by LLMs

March 20, 2024 at 07:30AM
Join industry experts Elad Schulman and Nir Chervoni in a webinar discussing the opportunities and risks of Generative AI. Learn about its transformative potential, security challenges, and effective strategies for securing GenAI applications. This session is essential for IT professionals, security experts, and business leaders navigating the complexities of Generative …

Apple is Making Big App Store Changes in Europe Over New Rules. Could it Mean More iPhone Hacking?

March 7, 2024 at 09:34AM
Apple is making significant changes to the iPhone’s App Store in Europe under the Digital Markets Act, allowing alternative app stores and payment methods. Despite concerns about security risks and increased competition, European regulators are hopeful that the consumer benefits will outweigh the challenges faced by tech giants like Apple. …

Non-Human Access is the Path of Least Resistance: A 2023 Recap

December 12, 2023 at 06:36AM
The year 2023 witnessed a surge in cyber attacks, particularly through non-human access credentials like API keys, tokens, and service accounts. These credentials lack robust security measures and are often over-permissive and unused, making them an ideal target for cybercriminals. Several high-profile attacks exploited non-human access, prompting the need for …

Unpatched Critical Vulnerabilities Open AI Models to Takeover

November 16, 2023 at 12:49PM
Researchers have discovered critical vulnerabilities in the infrastructure used for AI models, putting companies at risk. The affected platforms include Ray, MLflow, ModelDB, and H2O version 3. These vulnerabilities could potentially give unauthorized access to AI models and the rest of the network. Protect AI disclosed the results and informed …

New Microsoft Exchange zero-days allow RCE, data theft attacks

November 3, 2023 at 11:22AM
Microsoft Exchange is affected by four zero-day vulnerabilities, as reported by Trend Micro’s Zero Day Initiative (ZDI). Despite Microsoft acknowledging the flaws, they have postponed fixing them, leading ZDI to publish details to warn Exchange administrators. The vulnerabilities allow remote code execution, unauthorized information disclosure, and risk sensitive data exposure. …