Data Breaches

Looking to harness a decade of AI/ML development Cisco this week previewed generative AI-based features it will soon bring to its Security Cloud service and Webex collaboration offerings. Cisco said it was looking meld the network and security intelligence it has amassed over the years with the large language models (LLMs) of generative AI to simplify enterprise operations and address threats with practical, effective techniques.   The first fruits of this effort will be directed…

Read More

Cloud security firm Sysdig has embedded cloud detection and response (CDR) into its cloud-native application protection platform (CNAPP). The company claims to be the first vendor to offer this consolidation, a move that enables its CNAPP to detect threats with 360-degree visibility and correlation across workloads, identities, cloud services, and third-party applications. It leverages Falco, a widely adopted open-source standard for cloud threat detection governed by the Cloud Native Computing Foundation, in both agent and…

Read More

Security automation and orchestration platform Tines has added a new case management capability, dubbed Cases, to allow security teams to collaborate on security incidents. This collaboration feature is aimed at enabling the teams to efficiently handle anomalies, automation, and remediations. “With Cases, Tines users — which range from startups to Fortune 10 — can deploy a new capability that addresses the critical flaws in existing case management solutions, from a lack of customizations and integrations…

Read More

Bitdefender has uncovered a hidden malware campaign living undetected on mobile devices worldwide for more than six months. The campaign is designed to push adware to Android devices with the purpose of driving revenue.  “However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware,” Bitdefender said in a blog. To date, the cybersecurity firm has discovered…

Read More

As security leaders progress in their establishment of software supply chain security programs, they face a good news-bad news situation with the tools available to them — literally: the technology is rapidly advancing for good and for bad. The good news of the rapidly advancing software supply chain security technology is that the brisk pace of innovation provides increasing opportunities to gain greater visibility and transparency into the vast array of components and code that…

Read More

Even though there is a growing demand for cybersecurity expertise at the highest levels of business, a significant number of public companies lack even one qualified cybersecurity expert on their board of directors, according to a study by cybersecurity research and advisory firm IANS. In addition, the study found that just a little more than one in 10 CISOs have all the key traits thought to be crucial for success on a corporate board. In…

Read More

Cloud security provider Lacework has released a new cloud infrastructure entitlement management (CIEM) offering to strengthen the observability of all cloud identities. The new capability is aimed at simplifying Lacework’s cloud security offering by merging with its existing cloud security posture management (CSPM), attack path analysis, and threat detection capabilities into a single platform.   “CIEM enriches our platform with cloud identity and entitlement configuration data, along with the understanding of how identities and entitlements are…

Read More

The Open Worldwide Application Security Project (OWASP) has published the top 10 most critical vulnerabilities often seen in large language model (LLM) applications, highlighting their potential impact, ease of exploitation, and prevalence. Examples of vulnerabilities include prompt injections, data leakage, inadequate sandboxing, and unauthorized code execution. The list aims to educate developers, designers, architects, managers, and organizations about the potential security risks when deploying and managing LLMs, raising awareness of vulnerabilities, suggesting remediation strategies, and…

Read More