Creating Insecure AI Assistants With Microsoft Copilot Studio Is Easy

August 7, 2024 at 02:27PM Enterprise usage of Microsoft’s Copilot Studio, a no-code chatbot creation tool, has surged within nine months of its release. However, security researcher Michael Bargury highlighted serious security vulnerabilities that could lead to data exfiltration and bypassing controls. Despite Microsoft addressing some issues, careful implementation and admin controls are essential to …

Generative AI Security – Secure Your Business in a World Powered by LLMs

March 20, 2024 at 07:30AM Join industry experts Elad Schulman and Nir Chervoni in a webinar discussing the opportunities and risks of Generative AI. Learn about its transformative potential, security challenges, and effective strategies for securing GenAI applications. This session is essential for IT professionals, security experts, and business leaders navigating the complexities of Generative …

Apple is Making Big App Store Changes in Europe Over New Rules. Could it Mean More iPhone Hacking?

March 7, 2024 at 09:34AM Apple is making significant changes to the iPhone’s App Store in Europe under the Digital Markets Act, allowing alternative app stores and payment methods. Despite concerns about security risks and increased competition, European regulators are hopeful that the consumer benefits will outweigh the challenges faced by tech giants like Apple. …

Non-Human Access is the Path of Least Resistance: A 2023 Recap

December 12, 2023 at 06:36AM The year 2023 witnessed a surge in cyber attacks, particularly through non-human access credentials like API keys, tokens, and service accounts. These credentials lack robust security measures and are often over-permissive and unused, making them an ideal target for cybercriminals. Several high-profile attacks exploited non-human access, prompting the need for …

Unpatched Critical Vulnerabilities Open AI Models to Takeover

November 16, 2023 at 12:49PM Researchers have discovered critical vulnerabilities in the infrastructure used for AI models, putting companies at risk. The affected platforms include Ray, MLflow, ModelDB, and H2O version 3. These vulnerabilities could potentially give unauthorized access to AI models and the rest of the network. Protect AI disclosed the results and informed …

New Microsoft Exchange zero-days allow RCE, data theft attacks

November 3, 2023 at 11:22AM Microsoft Exchange is affected by four zero-day vulnerabilities, as reported by Trend Micro’s Zero Day Initiative (ZDI). Despite Microsoft acknowledging the flaws, they have postponed fixing them, leading ZDI to publish details to warn Exchange administrators. The vulnerabilities allow remote code execution, unauthorized information disclosure, and risk sensitive data exposure. …

Make API Management Less Scary for Your Organization

October 24, 2023 at 08:09AM API modernization is crucial for organizations to enhance security and protect against threats like data breaches and unauthorized access. To achieve this, organizations should use strong authentication methods, encryption for data transfer, access control policies, real-time monitoring, security audits, and employee education. Gloo Gateway is a cloud-native API management solution …