As we announced earlier today, Nightfall is thrilled to team up with Snyk to provide a state-of-the-art security solution for developers working in every phase of the code-to-cloud lifecycle. But that’s just the “What”—now let’s dive into the “Why” and the “How.”
The AEC industry has come a long way from traditional paper-based processes. With advancements in technology over the past three decades, there’s been a remarkable transformation towards a digital future. It began with Computer-aided Design (CAD), then Building Information Modeling (BIM), and eventually capabilities such as modeling, visualization, simulation, analysis, automation, generative design, and even AI.
On October 11, a new version of curl (8.4.0) was released, in which a couple of new vulnerabilities were fixed (CVE-2023-38545 with severity HIGH and CVE-2023-38546 with severity LOW). These issues were previously announced in the project’s discussion. At the time of this blog, several proofs of concept have been released for CVE-2023-38545, which result in crashes but not exploitation.
Staying ahead of potential threats and breaches is a constant battle. One innovative solution is the use of “canaries” to detect attempted intrusions. Canary assets are one clever way to detect intruders in your network.
The cloud has introduced entirely new environments, roles and circumstances that require us to reimagine the definition of privileged access management (PAM) and how to apply those principles to secure identities. PAM was built on the notion that identities must be secured, not just managed, to protect an organization’s most valuable assets. The well-recognized values of PAM remain highly desirable – least privilege, role-based access control and auditability of high-risk sessions.
As we are in the midst of Cybersecurity Awareness Month, and in the lead-up to our own Secure Connected Future Summit which we are hosting in November, I feel that a lot of the focus when it comes to cybersecurity still tends to be on prevention tactics. However, I would argue that it is not just about having the right defensive cybersecurity tools in place, but it is also about understanding how the organisation will recover from an incident – how quickly and at what cost to the business.
Read also: Spanish police cuff 3 in a phishing gang bust, $3M in Bitcoin stolen by Palestinian scammers recovered, and more.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. I wish they hadn’t suggested that using more machines might have brought the Internet down properly…
Researchers successfully extracted valid hard-coded secrets from Copilot and CodeWhisperer, shedding light on a novel security risk associated with the proliferation of secrets.