Analysis of malicious large language model (LLM) offerings on the dark web uncovers wide variation in service quality, methodology and value – with some being downright scams. We’ve seen the use of this technology grow to the point where an expansion of the cybercrime economy occurred to include GenAI-based services like FraudGPT and PoisonGPT, with many others joining their ranks.

The UK’s National Cyber Security Centre (NCSC) has issued guidance to help medium-sized organizations defend themselves against business email compromise (BEC) attacks, especially those targeting senior staff members. The NCSC says employees should be cautious about the type of personal information they post on the internet, since criminals can use this knowledge to make their attacks more convincing.

On May 21, 2024, Veeam disclosed a critical vulnerability in Veeam Backup Enterprise Manager, identified as CVE-2024-29849. This vulnerability allows an unauthenticated threat actor to log into the web interface as any user, posing a significant risk with a Common Vulnerability Scoring System (CVSS) score of 9.8. The affected application is an optional add-on application used to manage Veeam Backup & Replication via a web console in Veeam environments.

On May 21, 2024, Ivanti disclosed six critical-severity SQL Injection vulnerabilities affecting Ivanti Endpoint Manager, specifically versions 2022 SU5 and earlier. These six vulnerabilities, identified as CVE-2024-29822 through CVE-2024-29827, each carry a Common Vulnerability Scoring System (CVSS) score of 9.6. They allow unauthenticated attackers within the same network to execute arbitrary code on the Core server. This disclosure was made simultaneously with the release of a security hot patch.

Rego, the policy language of the Open Policy Agent (OPA), is known for its flexibility and power in policy enforcement across various systems. Its declarative syntax and data-centric approach make it versatile for application authorization, infrastructure as code (IaC) authorization, and network policies. To fully appreciate OPA/Rego’s capabilities, it’s helpful to compare it with other policy languages and frameworks like AWS’s Cedar and Google’s Zanzibar.

Data security is evolving. This evolution is making the need to understand what is going on with your data more critical. Teams need to be able to answer questions like, where is data being stored? Which vendor or team is using it? When is sensitive data being used? Where is data being sent?

Mergers and acquisitions often sound amazing to the Board, but they can become an operational nightmare for the infrastructure, networking, and security teams. In recent years, I’ve worked with a fair few highly acquisitive organisations and so I have seen firsthand that the practical steps to onboard new users can become hugely challenging–especially when the two organisations are running different technologies.

With our new connect flows you can create credentials with less friction. As you build, easily connect flows for 50+ products (with more being added all the time). We also added some neat ways to restrict credentials by URL path or send email action. Login and see →