Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Verge came out with an article that got my attention. As artificial intelligence continues to advance at an unprecedented pace, the potential for its misuse in the realm of information security grows in parallel. A recent experiment by data scientist Izzy Miller shows another angle. Miller managed to clone his best friends' group chat using AI, downloading 500,000 messages from a seven-year-long group chat, and training an AI language model to replicate his friends' conversations.

When developing applications, organizations rely heavily on the software development lifecycle (SDLC) to engrain security into the development process early and continuously. The SDLC lays out how to build security into early steps as developers are creating and testing applications. As such, organizations are able to embed security practices when it matters most.

In the previous blog post, we described how the Docker research started and showed how we could gain a full privilege escalation through a vulnerability in Docker Desktop. In this follow-up blog post, we will show the other vulnerable functions we were able to exploit.

Today, we’re announcing the ability to build APIs with Tines. Now you can create powerful workflows by connecting more tools and processes together - all without any code at all.

Not long after impressing Microsoft 365 customers with the recent Microsoft 365 Copilot announcement, Microsoft have launched another AI-powered Copilot product. This time with a whole new set of possibilities – introducing Microsoft Security Copilot.

SIM swapping is when a cybercriminal impersonates someone in order to convince a mobile carrier to activate a new SIM card. These bad actors use social engineering tactics, claiming “their phone” was supposedly lost, stolen or damaged, when in reality, it was never their phone to begin with. When a cybercriminal successfully SIM swaps, they can more easily steal someone’s identity because they can now receive their text messages and phone calls.

CrowdStrike today introduced CrowdStrike Falcon® Complete XDR, a new managed extended detection and response (MXDR) service that builds on the industry-leading CrowdStrike Falcon® Complete managed detection and response (MDR) service to give customers 24/7 expert-driven management, threat hunting, monitoring and end-to-end remediation across all key attack surfaces to close the cybersecurity skills gap.

At Trustwave, we see scores of requests for proposal (RFP) in all shapes and sizes, originating from nearly every conceivable industry, seeking solutions to their specific security challenges and desired business outcomes. To help those issuing the RFP and the vendor on the receiving end, I’ve drawn up some simple guidelines to follow that will help your RFP process run smoothly.

In this final part, we'll discuss more software supply chain security frameworks and the critical role of secrets detection in them. We'll explore the NIST SSDF, SLSA, and OSC&R frameworks and how they cover the topic of secrets in software supply chain security.

It's early in the morning on an unseasonably warm Tuesday in October. You're checking your email as you enjoy your first cup of coffee or tea for the day, and you almost do a spit-take when you read that OpenSSL has a forthcoming release to fix a CRITICAL vulnerability. Immediately, visions of Heartbleed pop into your head.