Every program running on a system needs specific permissions to access files, networks and other resources. A process level token acts as an ID for each program determining what it is allowed to do and access on the system. Tokens are critical for certain Windows functionalities, such as Task Scheduler, which uses this privilege to manage processes on behalf of different users.

The NIS2 Directive is the European Union’s flagship cybersecurity law, poised to significantly strengthen cyber defenses across the EU when it takes effect on 17 October 2024. This upgraded version of the 2016 NIS Directive (NIS1) not only introduces stricter rules but also broadens its reach, covering more sectors and businesses, ensuring comprehensive protection and a stronger security posture.

Summer is here, bringing thoughts of the beach, travel, and relaxation. However, summer isn’t without its chores; gardens need work, and summer houses require maintenance. Sometimes these chores can be enjoyable and even therapeutic, but most importantly, they keep our projects in good condition, allowing us to unwind and enjoy the summer months.

In February 2023, LastPass, a leading password manager service, disclosed a security breach that reminded us just how severe SaaS breaches can be. The intrusion involved a targeted attack against a DevOps engineer accessing the corporate vault, underscoring the consequences of inadequate access controls and security practices.

Artificial Intelligence (AI) and Large Language Models (LLM) have revolutionized numerous industries, from healthcare to finance. However, with this rapid adoption comes new risks, one of which is prompt injection. This emerging threat has significant implications for the security, ethics, and reliability of AI systems.

Large language models are fascinating tools for cybersecurity. They can analyze large quantities of text and are excellent for data extraction. One application is researching and analyzing vulnerability data, specifically Common Vulnerabilities and Exposures (CVE) information. As an application security company with roots in open source software vulnerability detection and remediation, the research team at Mend.io found this a particularly relevant area of exploration.