Security News

Analysis of 700,000 real-world attacks shows how memory attacks evade protections and suggest mitigations. Threat actors are honing their focus on exploits that evade detection and remain unnoticed within systems, according to Aqua Security's 2023 Cloud Native Threat Report, which examined memory attacks in networks and software supply chains.

They raise legitimate questions about the usage and permissions of AI applications within their infrastructure: Who is using these applications, and for what purposes? Which AI applications have access to company data, and what level of access have they been granted? What is the information employees share with these applications? What are the compliance implications? Each AI tool presents a potential attack surface that must be accounted for: Most AI applications are SaaS based and require OAuth tokens to connect with major business applications such as Google or O365.

How do cyber security professionals best equip themselves with the knowledge and tools to win this fight? Well, SANS Institute remains a trusted resource for cybersecurity training, certifications and research. To that end, SANS has announced a wide range of upcoming training events and summits across Europe, the Middle East and Africa for autumn 2023, delivering top-class training from some of the world's leading cyber security experts.

In the dynamic business landscape where third-party relationships assume a critical role, organizations confront various risks that can profoundly affect their security and compliance requirements, according to Panorays. 84% of organizations prioritize third-party security risk management, indicating a growing awareness of the potential threats posed by third-party relationships.

Criminal IP, an OSINT-based CTI search engine provided by AI SPERA, has recently announced the introduction of a bug bounty program aimed at strengthening the safety of its services and protecting its users. The bug bounty program introduced by Criminal IP encourages security researchers to identify and report potentially exploitable vulnerabilities within its systems.

A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known. Tracked as CVE-2023-2982, the authentication bypass flaw impacts all versions of the plugin, including and prior to 7.6.4.

Many popular generative AI projects are an increased security threat and open-source projects that utilize insecure generative AI and LLMs also have poor security posture, resulting in an environment with substantial risk for organizations, according to Rezilion. "On top of their inherent security issues, individuals and organizations provide these AI models with excessive access and authorization without proper security guardrails. Through our research, we aimed to convey that the open-source projects that utilize insecure generative AI and LLMs have poor security posture as well. These factors result in an environment with significant risk for organizations."

A Russian network security specialist and former editor of Hacker magazine who is wanted by the US and Russia on cybercrime charges has been detained in Kazakhstan as the two governments seek his extradition. Maybe the second part wasn't such a good idea after all - an update to the statement notes that Kislitsin is also wanted by Russia.

Although numerous respondents acknowledged employing risky practices and behaviors within their cloud environments, they strongly believe in the effectiveness of their security tools and processes to safeguard their organizations against meticulously planned attacks, according to Permiso. The survey assessed both the respondents cloud security practices and the scale of their environment, including the number of identities and secrets they manage, response time to an attack, the different methods of access into their environment, and the types of solutions they utilize to help secure their environments.

Sponsored Post Imagine if you could get instant advice on how to protect your cloud infrastructure against cyber threats from some of the world's best cloud security experts without leaving the comfort of your chair. Starting at 11 am UTC on Friday 18th August, the SANS Cloud Security Exchange 2023 is a free and virtual event that brings together cloud security experts from AWS, Google Cloud, Microsoft Azure and the SANS Institute onto one digital stage.