Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Why Presidio and Other Data Masking Tools Fall Short for AI Use Cases Part 1

Data privacy and security are critical concerns for businesses using Large Language Models (LLMs), especially when dealing with sensitive information like Personally Identifiable Information (PII) and Protected Health Information (PHI). Companies typically rely on data masking tools such as Microsoft’s Presidio to safeguard this data. However, these tools often struggle in scenarios involving LLMs/AI Agents.

4 Tips to Stay Secure for Cybersecurity Awareness Month

October is Cybersecurity Awareness Month (CSAM). It’s a crucial time to equip ourselves with the knowledge and tools to navigate the digital landscape safely. With remote work, virtual learning, and the rapid adoption of new technologies, cyber threats are at an all-time high. As cybersecurity professionals, we have a unique opportunity to spread awareness and share our expertise to help others stay secure online.

Docker Zombie Layers: Why Deleted Layers Can Still Haunt You

Docker Zombie Layers are unreferenced image layers that continue to exist for weeks in registries, even after being removed from a manifest. In this hands-on deep dive, we explore how these layers can persist in registries and why ensuring the immediate revocation of exposed secrets is critical.

Don't Treat DAST Like Dessert

Dynamic Application Security Testing (DAST), sometimes referred to as “pentesting in a box”, tests running code for a variety of issues that can’t easily be found by analyzing code with static scanning tools. DAST tools are platform and language agnostic—as long as you have a website or API they can connect to, they’ll get the job done, and find real vulnerabilities in the same places an attacker would.

Understanding Drive-by Download Attacks

An employee at a large organization is doing research for a client and clicks on what they believe is a legitimate website. What they don’t realize is, while they’re browsing, malware in the form of a Trojan virus is swiftly downloading onto their endpoint. The Trojan jumps from the endpoint into the organization’s network, and suddenly, their cybersecurity system rings alarms as ransomware takes hold in the environment.

Analyzing Latrodectus: The New Face of Malware Loaders

This report is the latest in a series that will delve into the deep research the Trustwave SpiderLabs Threat Intelligence team conducts daily on the major threat actor groups currently operating globally. The information gathered is part of a data repository that helps Trustwave SpiderLabs identify possible intrusions as it conducts threat hunts, vulnerability scans, and other offensive and defensive security tasks.

SnykLaunch Oct 2024: Enhanced PR experience, extended visibility, AI-powered security, holistic risk management

After almost a decade in business, we’ve had the opportunity to watch the software development industry change dramatically. Developers work with more moving parts than ever, relying on technologies like third-party resources and AI coding assistants to release sophisticated software on tight deadlines. While we’ve been talking about the relationship between development and security for the past decade, the DevSecOps conversation has shifted quite a bit.

BDRSuite Beta Release: Exciting New Features for Proxmox Environment, Including Proxmox Cluster Backup Support

BDRSuite has taken a significant step forward with its latest beta release, focusing on expanding backup support for Proxmox cluster environments. This beta version introduces several powerful features designed to enhance the flexibility and efficiency of backup and recovery processes.

Stay Ahead of Ransomware: Comprehensive Solutions against DragonForce Attacks

In the ever-evolving landscape of cybersecurity threats, the DragonForce ransomware group has quickly become a serious menace to organizations worldwide. First discovered in August 2023, DragonForce has made headlines by leveraging two powerful ransomware variants—a fork of the infamous LockBit3.0 and a modified version of ContiV3.