In a recent ad on a closed Telegram channel, a known threat actor has announced it’s recruiting AI and ML experts for the development of it’s own LLM product.

With authentication, you can face serious consequences if you follow the old motto, “if it ain’t broke, don’t fix it.” From applications to APIs, authentication tells you whether the person or technology accessing a resource is legitimate. In 2017, the Open Worldwide Application Security Project (OWASP), identified broken authentication as #2 on its list of Top 10 application security threats.

Welcome to the final installment in our “Add to Chrome?” research! In this post, we'll experiment with a method to find masquerading, or suspicious clusters of Chrome extensions using Model-Assisted Threat Hunting (M-ATH) with Splunk and the Data Science & Deep Learning (DSDL) App. M-ATH is a SURGe-developed method from the PEAK framework, which uses models or algorithms to help find threat-hunting leads, or to help make complex problems more approachable.

A passphrase is a more secure way to create a password that uses a string of random words instead of a string of random characters. Passphrases tend to be easier to remember, longer and more secure than most user-generated passwords. However, weak passphrases are still susceptible to password-related cyber attacks.

Password entropy is a measurement of how difficult it would be for a cybercriminal to crack or successfully guess your password. When calculating password entropy, the calculation takes into account how long your password is and the variation of characters you’re using. Character variations include the use of uppercase and lowercase letters, numbers and symbols. Continue reading to learn more about the importance of password entropy and how you can calculate it using the password entropy formula.

In late 2023, Synopsys released the “Global State of DevSecOps” report. The report explored crucial topics in the realm of DevSecOps and outlined practical approaches for implementing effective, resilient, and scalable application security (AppSec) approaches. These approaches can help organizations strengthen their AppSec programs in 2024.

Generative AI has captured the imagination of the world by being able to produce poetry, screenplays, or imagery. These tools can be used to improve human productivity for good causes, but they can also be employed by malicious actors to carry out sophisticated attacks. We are witnessing phishing attacks and social engineering becoming more sophisticated as attackers tap into powerful new tools to generate credible content or interact with humans as if it was a real person.

Today, Cloudflare is announcing the development of Firewall for AI, a protection layer that can be deployed in front of Large Language Models (LLMs) to identify abuses before they reach the models. While AI models, and specifically LLMs, are surging, customers tell us that they are concerned about the best strategies to secure their own LLMs. Using LLMs as part of Internet-connected applications introduces new vulnerabilities that can be exploited by bad actors.

The United States Cybersecurity and Infrastructure Agency (CISA) and seventeen international partners are helping shape best practices for the technology industry with their ‘Secure by Design’ principles. The aim is to encourage software manufacturers to not only make security an integral part of their products’ development, but to also design products with strong security capabilities that are configured by default.

In today's fast-paced digital landscape, developers face increasing pressure to deliver secure applications within tight deadlines. With the emphasis on faster releases, it becomes challenging to prioritize security and prevent vulnerabilities from being introduced into production environments. Integrating dynamic application security testing (DAST) into your CI/CD pipeline helps you detect and remediate vulnerabilities earlier, when they are easier to fix.