Security News

The second day of announcements at Intel's Innovation event in San Jose, California focused on privacy and security, including confidential AI. Major announcements included an attestation service for Intel Trust Authority and a software toolkit for fully homomorphic encryption. An attestation service will join the Intel Trust Authority, a security assessment platform released in 2022.

At CrowdStrike Fal.Con 2023, CrowdStrike announced a new Falcon Raptor release with generative-AI capabilities and the acquisition of Bionic. CrowdStrike Falcon covers endpoint security, Extended Detection and Response, cloud security, threat intelligence, identity protection, security/IT Ops and observability.

Public cloud infrastructure brought forth another significant shift, redefining the boundaries between applications and infrastructure. The advent of public cloud platforms, such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform, has greatly influenced the design, deployment, and management of applications.

Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for making the breach worse, calling it a "Dark pattern."

Hack blamed on new Google Authenticator sync feature. Retool is blaming the success of the hack on a new feature in Google Authenticator that allows users to synchronize their 2FA codes with their Google account.

Enterprise application environments consist of geographically distributed and loosely coupled microservices that span multiple cloud and on-premises environments. Users from different locations access them through different devices.

Salesforce announced a rebrand of its Einstein 1 Data Cloud and new capabilities for the Einstein generative AI assistant for CRM at the Dreamforce conference held in San Francisco on Tuesday, Sept. 12. Salesforce's Einstein 1 Data Cloud metadata framework will be integrated within the Einstein 1 Platform.

At its Google Next '23 event this week, Google revealed how - with the use of its PaLM 2 foundational model - it is applying the generative AI Duet AI to security solutions in Google Cloud, including posture management, threat intelligence and detection and network and data security. Integrating Duet AI into Chronicle explicitly addresses security operations workload and tool proliferation, and implicitly the shortage of security operators in SOC teams, Potti explained.

In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies. Authentication devicesWhen companies want to start using secure authentication concepts like passwordless or even Smartcards it becomes an additional burden to deliver the authentication devices to their employees.

Cloud Native Application Protection Platforms have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively securing multi-cloud environments, according to Cloud Security Alliance. Much of CNAPPs popularity has been driven by their ability to consolidate the capabilities of the numerous security tools organizations current deploy, namely Cloud Security Posture Management, Cloud Workload Protection, and Cloud Infrastructure Entitlement Management, network security, and secure DevOps.