In a rapidly evolving digital landscape, our reliance on mobile applications has increased dramatically. Yet, this rapid growth has also led to correspondingly soaring risks in security.

Microsoft Azure and Microsoft 365 are among the leading cloud services globally, but their limited Bring Your Own Key (BYOK) capabilities pose potential data security and compliance issues for organisations that must comply with the EU and global data sovereignty laws. Increased government concern over protecting sensitive personal, business, government and defence data in the Cloud has led to a complex regulatory landscape that aims to maintain control of citizen and government data.

We can’t see your secrets, but we can tell you if they’ve leaked on GitHub. Here’s how we do it.

Today, we’re unveiling HasMySecretLeaked, a free toolset to help security and DevOps engineers verify if their organization’s secrets have leaked on GitHub.com.

I was looking at my watch last week and my attention was moved towards the seconds over at the right of the watch face, incrementing nicely along as you’d expect. Now, I don’t know if I’d just spent too long staring at a debugger screen or if it was something in the air, but an idea dawned on me, related to all things command and control, data exfiltration, etc.

Converging networking with security is fundamental to creating a robust and resilient IT infrastructure that can withstand the evolving cyber threat landscape. It not only protects sensitive data and resources but also contributes to the overall success and trustworthiness of an organization. And just as technologies are converging, networking and security teams are increasingly working together.

Trustwave has introduced a new solution allowing organizations using Microsoft Sentinel to obtain the highest return on investment possible while keeping their security level at peak performance and improving response times. Trustwave Managed SIEM for Microsoft Sentinel is a managed solution intended to maximize an organization’s Microsoft E5 investment, specifically firms without a robust cybersecurity team.

It is common knowledge that when it comes to cybersecurity, there is no one-size-fits all definition of risk, nor is there a place for static plans. New technologies are created, new vulnerabilities discovered, and more attackers appear on the horizon. Most recently the appearance of advanced language models such as ChatGPT have taken this concept and turned the dial up to eleven.

In today’s interconnected world, secrets are the keys to unlocking sensitive data and systems. Like hidden gems for attackers, any inadvertent exposure of these secrets could lead to data breaches, unauthorized access, and security compromises. As organizations adopt DevOps practices, artifacts containing secrets are often stored and shared across various stages of the software supply chain, amplifying the risk of exposure.

Cisco has issued a warning regarding a critical security vulnerability (CVE-2023-20198) affecting its IOS XE software. With a severity rating of 10.0 on the CVSS scoring system, the vulnerability grants remote attackers full administrator privileges on affected devices without authentication.