The recent SURGe in popularity of generative artificial intelligence tools has raised many questions around potential use cases in cybersecurity, both from an offensive and defensive point of view. Will chat-based AI-assistants provide more utility to attackers, or defenders?

On December 13th, The U.S. Federal Bureau of Investigation (FBI), U.S. Cybersecurity & Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC) have issued an urgent advisory about the ongoing exploit of CVE-2023-42793 by Russian Foreign Intelligence Service (SVR) threat actors.

On December 14, 2023, the Ledger Connect Kit was compromised, allowing attackers to drain users’ wallets on dozens of decentralized apps. Fireblocks’ customers were not impacted by the attack. Fireblocks dApp Protection, the latest security feature in our DeFi solution, detected and prevented customers from unknowingly interacting with the impacted dApps.

Navigating the complexities of modern application security presents a formidable challenge for organizations. The multitude of security tools and the effort to implement and maintain them often creates a tangled web of processes, which can result in inconsistent implementations, resource inefficiencies, and a fractured view of risk. Enterprise organizations can have hundreds of developers spread across multiple business units.

Organizations can protect their enterprise database from privilege abuse by implementing the Principle of Least Privilege (PoLP), following a zero-trust security approach and investing in a Privileged Access Management (PAM) solution. Continue reading to learn what privilege abuse is, the risks of privilege abuse in an organization and how to prevent it.

The North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) standards are a comprehensive set of requirements that ensure the security and reliability of the North American power grid. These standards address both the physical security and cybersecurity of the bulk electric system, mandating measures to protect critical assets from potential threats.

The rapid rise of artificial intelligence, more specifically, generative AI systems such as OpenAI’s ChatGPT, has simultaneously spurred intense development and concern over the past year. On the 30th of October, President Joe Biden signed an Executive Order that urges new federal standards for AI development, safety, security, and trustworthiness that also address many other facets of AI risk.

Proprietary severity scoring often burdens AppSec teams. With every new vendor, you must evaluate their custom severity framework and work to translate assessed risk between tools. To eliminate this burden and provide our customers with a clear security assessment for configurations across the SDLC, Snyk will be moving towards standardizing our code to cloud security rules set on the Common Configuration Scoring System (CCSS)!

Southern Illinois Healthcare oversees the operations of Harrisburg Medical Center (HMC), a not-for-profit community hospital with over 70 beds and 140 physicians. They are partnered with other clinics in the area, providing a comprehensive healthcare network for residents in the region. HMC suffered a network data breach nearly a year ago.

TrustCloud teamed up with Dan Andrea, a partner at KLR, to discuss: Read more of Dan’s suggestions below, or check out the conversation on YouTube.