Securing complex cloud environments is as crucial as it is challenging. The surface area for attack is vast. With the elastic nature of cloud resources, a single compromised service could allow attackers to take over large portions of your infrastructure, often lurking undetected for extended periods. This presents a significant risk to your organization, as your dynamic and ever-evolving cloud environment makes it difficult to maintain control over who has access to what.

Eric Brüggemann, the new CEO of Code Intelligence, stepped into the role in September. We asked him about his vision of the role and future of AI and fuzz testing in securing automotive software.

Netcraft warns that scammers are posting QR code stickers on parking meters in the UK and other European countries. In the UK, the QR codes lead to phishing sites that impersonate the parking payment app PayByPhone. The phishing sites are designed to steal personal information and payment data.

Once upon a time, security awareness training resembled a never-ending game of Tetris. Threats cascaded down, demanding swift action and strategy, only to speed up until we inevitably faltered. Today, we've entered a new realm of engagement, creativity, and community in human risk management.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

Large Language Models (LLMs) have become central to many AI-driven applications. These models, such as OpenAI’s GPT and Google’s Bard, process massive amounts of data to generate human-like responses. Their ability to handle natural language has revolutionized industries from customer service to healthcare. However, as their use expands, so do concerns about LLM security. LLM security is critical because these models handle sensitive data, making them tempting targets for cybercriminals.

A Data Protection Officer (DPO) can be called as an ally for organizations that deals with large amount of Privacy related data in its core operation. They are appointed based on article 37 of GDPR, and help organizations stay compliant with data protection laws by overseeing data security policies, monitoring internal compliance, and providing expert advice for staffs managing the potential data privacy risks.

In a significant move towards enhancing the security of its Android operating system, Google has announced a substantial reduction in memory vulnerabilities by adopting memory-safe programming languages, particularly Rust. This shift aligns with Google's secure-by-design philosophy, aiming to minimize security risks associated with new code development. In this blog, we’ll explore the implications of this transition, the statistical outcomes, and what this means for the future of secure coding.

Mozilla, the organization behind the popular Firefox browser, is facing scrutiny from the European digital rights group NOYB (None Of Your Business) over alleged privacy violations. The complaint, lodged with Austria’s data protection authority, claims that Firefox employs a feature known as "Privacy-Preserving Attribution" (PPA) to track user behavior without explicit consent. This controversy raises significant questions about user privacy and the ethical responsibilities of tech companies.