Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Founder's Corner: Episode 3

Welcome to Episode Three of Salt Security’s Podcast Series: Founder’s Corner Salt’s CEO and Co-founder, Roey Eliyahu, talks with Salt’s CMO, Michael Callahan, about the first step of the customer journey in API Security: Discovery (also known as the crawl stage). They dive into topics around Discovery (as well as Salt’s phases of Discovery), Data Security, Shadow and Zombie APIs, GenAI, and how Salt is utilizing AI.

Dell's API Security Failure: How 49 Million Records Were Exposed #dell #DataBreach #dataleaks

In this video, we examine two significant API security failures, each with devastating consequences. The first breach used a simple trial-and-error method, exploiting broken access control to impact 10 million users. In the Dell example, API abuse exploited a lack of validation and rate limiting, allowing an attacker, posing as a partner, to scrape 49 million records over several weeks. These cases highlight the importance of robust API security practices, especially for business processes and access control. Watch to learn key takeaways on protecting APIs from similar attacks.

Understanding Repo_GPGcheck

Repo_GPGcheck ensures linux verifies the authenticity of software packages downloaded from repositories, reinforcing overall system security and safeguarding against unauthorized software sources. A repository in Linux is a storage location where software packages are managed and organized. When installing or updating software, Redhat based Linux systems pull the required packages from these repositories using the YUM (Yellowdog Updater, Modified) package manager.

Password vs Passphrase: What's the Difference and Which is Better?

It’s almost impossible to use the internet without setting up a password, they are the heart of managing our accounts online. We all know the importance of preventing access to our accounts. Unfortunately, passwords are always at risk from hackers trying to access our accounts. Even if you have the strongest password available, with one accidental click on a phishing email or spoofed website, we could accidentally give cybercriminals access to our accounts or sell our accounts on the dark web.

Major cyber attacks and data breaches of 2024

As 2024 draws to a close, the cybersecurity landscape continues to evolve, marked by both familiar adversaries and emerging threats with newer technologies and improved tactics. Rather than merely cataloguing breaches, we look into the anatomy of significant cyber attacks, associated vulnerabilities that led to such events, and relevant controls. We’ve chronicled key developments month by month, offering a comprehensive view of the cyber attacks of 2024 narrative that would help you learn lessons.

Understand How Internet Exposure Impacts Vulnerability Management and Cyber Risk

As organizations continue to embrace digital transformation, their infrastructure increasingly spans cloud environments, third-party integrations, and remote work setups. This shift enhances efficiency and productivity—but also broadens the digital attack surface, creating new points of exposure to the public internet.

Best practices for monitoring LLM prompt injection attacks to protect sensitive data

As developers increasingly adopt chain-based and agentic LLM application architectures, the threat of critical sensitive data exposures grows. LLMs are often highly privileged within their applications and related infrastructure, with access to critical data and resources, making them an alluring target for exploitation at the client side by attackers. In particular, LLM applications can be compromised to expose sensitive data via prompt injection attacks.