Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


How to Navigate Data Security in the GenAI Era

Since its mainstream emergence in 2022, generative AI has triggered a seismic shift in data management and security. It is estimated that one in four employees now uses genAI apps daily, often unbeknownst to their employer and IT team. This raises concerns, as genAI is designed with a voracious appetite for consuming both mundane and sensitive data. Effectively securing your data as genAI becomes prevalent is a strategic imperative.

Exploring generative AI guardrails: The Tines approach

Innovation rarely starts with acknowledging the restrictions. It’s only after you’ve fleshed out the practical concepts that you begin to understand how they can align with the predefined boundaries, ensuring that your final product is both useful and compliant. This dynamic process encourages a more organic pathway to discovery, leading to solutions that are not only innovative but also viable within the given constraints.

Secrets in Plain Sight: Unveiling over 1 million secrets on public websites

Join us at CodeSecDays for an insightful session with Cybernews researcher Vincentas Baubonis, who will reveal how their team discovered 1,141,004 secrets across 58,364 websites. Learn how exposed environment (.env) files containing passwords, API keys, and email credentials can lead to data breaches and site takeovers. We’ll discuss common leaked secrets like database credentials and AWS keys, and their impact, and share research methodology, ethical considerations, and steps to prevent exposure.

Want Your Third Parties To Take Security Seriously?

In the last decade, outsourcing to third parties–especially in the gig economy–has taken over key functions that enterprises used to handle internally. Today’s companies are frequently virtual–using third-party services that span the likes of application development, back-office corporate functions, contract manufacturing and research, marketing, and core IT services.

Useful questions to navigate the TIP vendor landscape

In today’s escalating threat landscape, Security Operations Center (SOC) teams face a constant cat-and-mouse battle against adversaries as they try to stay one step ahead. This situation isn’t helped by the fragmented tools, multiple data feeds and data silos they must contend with. Likewise, with so many security vendors out there with different approaches and solutions, how do they know what cybersecurity solutions they should be investing in?

Developing in the Age of AI, with Cloudflare's Ricky Robinett

Experience a deeper understanding of AI's transformative potential! Watch our exclusive video, 'Developing in the Age of AI,' featuring profound insights shared by Cloudflare’s Vice President of Developer Relations, Ricky Robinett. Explore the dynamic convergence of cybersecurity and AI efficacy. Share your details to unlock privileged access to this video, empowering you with the profound insights that shape the technological landscape.

10 important questions to add to your security questionnaire

The technology your organization uses is integral to its success. When selecting vendors, security should be at the forefront of your decision. A strong vendor review process is crucial for selecting partners that align with your company's security goals, and security questionnaires are a key step in this process.

5 Reasons Employees Hate Cybersecurity Training and 6 Tips to Turn Them Around

Cybersecurity is no longer solely an IT department’s concern; it's a company-wide responsibility. But with busy schedules and overflowing inboxes, getting employees to truly pay attention to cybersecurity training can feel like an uphill battle. Let’s start off with why too many staffers are apt to mentally tap out when taking an awareness course. Now, let’s look at how to design a cybersecurity awareness program that will keep employees engaged and informed.

Likely Disclosure Inconsistencies With Massive Snowflake Data Breach

After unearthing evidence as early as May 2024, cloud computing company Snowflake released an official statement on June 2, reporting that they were investigating a series of targeted cyber events. A week later, Google's Mandiant, who, alongside CrowdStrike, is aiding Snowflake in this investigation, concluded that clients had been attacked after malicious actors had gotten access to compromised credentials.

Polyfill Supply Chain Attack Impacts 100K+ Sites

On June 24, 2024, cybersecurity company Sansec published a security advisory detailing how an associated Polyfill domain (cdn.polyfillio) was being used to insert malicious code in scripts served to mobile end users in a web supply chain attack. Polyfill is a popular open-source JavaScript library embedded in more than 100,000 websites to provide polyfills, small pieces of code (usually JavaScript) that help provide modern functionality on older browsers.