Security News

Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the...

As artificial intelligence amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital. Security awareness training is essential and must be a live, evolving process.

Raven is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed as one-off CVEs. Raven boosts the ability of security teams to implement secure software development practices, enabling them to work more strategically with DevOps teams while maturing their organization's ASPM capabilities.

ThreatLabz focused on understanding IoT device activity and attributes via device fingerprinting and analyzing the IoT malware threat landscape. By adopting a zero trust architecture, organizations can gain visibility into IoT device traffic and minimize IoT security risks.

2024 set to see strong public cloud spending growth. While generative AI has not yet had a material impact on IT spending, investment in AI more broadly is supporting overall IT spending growth.

Many CISOs are grappling with the conundrum of the purpose and value of security controls data in supporting critical business decisions, according to Panaseer. Only 36% of security leaders are totally confident in their security data and use it for all strategic decision making.

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

Generative AI is likely behind the increases in both the volume and sophistication of email attacks that organizations have experienced in the past few months, and it's still early days, according to Abnormal Security. Their leading worry is the increased sophistication of email attacks that generative AI will make possible - particularly, the fact that generative AI will help attackers craft highly specific and personalized email attacks based on publicly available information.

Sponsored Post The job of the cyber security professional is never easy, and it gets progressively harder with the movement of sensitive data and applications across the multiple different on and off premise systems that make up modern hybrid cloud environments. That's why SANS has created a training and certification curriculum devoted specifically to cloud security, designed to help those responsible for implementing effective cloud security measures within their organisation to broaden their knowledge and skills.

1Password, a popular password management platform used by over 100,000 businesses, suffered a security breach after hackers gained access to its Okta ID management tenant. "We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed," reads a very brief security incident notification from 1Password CTO Pedro Canahuati.