Security News

"Looking at it today, one of the biggest changes is that we understand that product security is a practice with its own people, its own budgets, and so on. These teams are usually made of those who view themselves as peers to IT security teams within the organization." "So I think a lesson that we learned is that we need to build a product that will cover the product security aspects that are common across industries with the right processes, the right reports, the right dashboards, and the right workflows. That will be the same pretty much across all verticals. On the other hand, we also understand that each customer is a project unto itself. You need to understand each customer's proprietary bill of materials because every customer has different ones. You need to understand the architecture of specific devices and how to recognize specific stages in their lifecycle."

Due to the increasing importance of multi-cloud and the intricate nature of cloud infrastructure, obtaining a comprehensive understanding of the various cloud workloads operating within your system, and ensuring their security, can be challenging. In this Help Net Security video, Kaus Phaltankar, CEO at Caveonix discusses how in today's complex multi-cloud landscape, the role of CISOs is more crucial than ever.

Mani Sundaram, executive vice president and general manager of the security tech group at Akamai said, "Enterprises expose full business logic and process data via APIs, which, in a cloud-based economy, are vulnerable to cyberattacks. Neosec's platform and Akamai's application security portfolio will allow customers to gain visibility into all APIs, analyze their behavior and protect against API attacks." One example illustrates how effective a relatively simple API attack can be: the NCC Group, in its 2022 annual Threat Monitor, noted that Australian telecom Optus had the personal information of 10 million customers exposed in a data breach accessed through an exposed API. Roey Eliyahu, co-founder and CEO, Salt Security noted that while APIs are powering digital transformation delivering new business opportunities and competitive advantages, "The cost of API breaches, such as those experienced recently at T-Mobile, Toyota and Optus, put both new services and brand reputation, in addition to business operations, at risk."

These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response, Uptycs, the first unified CNAPP and XDR platform, released a whitepaper, "14 Kubernetes and Cloud Security Predictions for 2023 and How Uptycs Meets Them Head-On" addressing the most pressing challenges and trends in Kubernetes and cloud security for 2023.

Volumes are increasing rapidly, and so is the complexity of the digital storage facilities: healthcare providers today house patient information on multiple data platforms such as on-premises servers, electronic health record systems and public/private cloud services. What's more, modern healthcare environments also span sophisticated medical systems and Internet of Things devices that are interconnected with each other and, in some cases, externally to the internet.

Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director, which resides in the web UI component and arises as a result of improper input validation when uploading a Device Pack.

The underlying trend is clear: OT and IoT networks are progressively integrated with traditional IT networks for management and access purposes, leading to increased communication between these devices both internally and externally. Controlling and overseeing supplier access to OT and IoT networks is challenging, as connections between external and internal networks can occur through various means like VPNs, direct mobile connections, and jump hosts.

This vulnerability introduces a demanding challenge for security stakeholders, since none of the existing data protection tools can ensure no sensitive data is exposed to ChatGPT. In this article we'll explore this security challenge in detail and show how browser security solutions can provide a solution. The ChatGPT data protection blind spot: How can you govern text insertion in the browser?#.

While it's important to give employees access to the data they require to do their job, granting too much access increases the risk of data breaches. To mitigate these risks, companies need to make sure authorization is a core element of their data security strategies.

Threat actors use a new hacking tool dubbed AuKill to disable Endpoint Detection & Response Software on targets' systems before deploying backdoors and ransomware in Bring Your Own Vulnerable Driver attacks. The AuKill malware, first spotted by Sophos X-Ops security researchers, drops a vulnerable Windows driver next to the one used by Microsoft's Process Explorer v16.32.