Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Building for the Future DevSecOps in the era of AI ML Model Development

Melissa McKay, JFrog Developer Advocate, and Sunil Bemarkar, AWS Sr. Partner Solutions Architect, discuss practical ways to mature your MLOps approach including bringing model use and development into your existing secure software supply chain and development processes. Watch to learn more and get a demo of the JFrog and Amazon SageMaker integration.

Keeping humans in the loop of AI-enhanced workflow automation: 4 best practices

In today's rapidly advancing technology landscape, the role of people in workflow automation and orchestration is more critical than ever. At Tines, we firmly believe that human oversight should be an integral part of important workflows, ensuring that all decisions are grounded in context and experience. AI in Tines is secure and private by design. This means the platform doesn’t train, log, inspect, or store any data that goes into or comes out of language models.

TracFone Breach Underscores Critical Need for Mobile Carrier API Security

The recent Federal Communications Commission (FCC) settlement with TracFone Wireless, Inc. (TracFone) for $16 million highlights a critical vulnerability within the mobile telecommunications industry: API security. The investigation revealed unauthorized access to customer data through weaknesses in TracFone's mobile carrier APIs. This incident reminds mobile carriers to prioritize robust API security measures to safeguard customer data and ensure network integrity.

The evolution of cloud security: Lessons from the past to navigate the future

Remember asking your teachers when you would need to know history facts outside of school? They probably said that learning history is important in understanding our past and how society has changed and progressed over time, and that we can learn from past experiences and mistakes. They were right, of course (even if it might not have felt like it then). And that’s all equally true when it comes to the history of security.

Ransomware Payments Decline While Data Exfiltration Payments Are On The Rise

The latest data from Coveware shows a slowing of attack efficacy, a decrease in ransom payments being made, and a shift in initial access tactics. According to Coveware’s Q2 2024 Ransomware Quarterly Report, we see a few interesting trends: A new data point brought to light this quarter is the data exfiltration only (DXF) payment trend, which is relatively flat despite fluctuating between 53% in Q1 of 2022 when tracking began, down to a low of 23% in Q1 of this year.

Latest Phishing Scam Uses Cross-Site Scripting Attack to Harvest Personal Details

Cross-Site Scripting (XSS) is alive and well, and used in attacks to obfuscate malicious links in phishing emails to redirect users to threat-actor controlled websites. We saw earlier this year that phishing attacks leveraging XSS were on the rise. Now, new scams are using XSS to hide their malicious intent within emails, according to new analysis from cybersecurity vendor INKY. These attacks usually begin with an email stating the victim has won something, as shown below: Source: INKY.

Runtime anomaly detection in Kubernetes: enhancing security through context-aware profiling

Runtime anomaly detection is fast becoming a critical component for protecting containerized environments. Recent advancements in this field are addressing long-standing challenges and introducing innovative approaches to enhance security posture.