Vulnerability scans are essential to an effective cyber defense strategy, offering a proactive approach to uncover and mitigate potential threats before they can exploit your systems. At the forefront of this crucial practice are Tenable and RiskOptics, each offering comprehensive solutions designed to conduct thorough vulnerability assessments. These tools identify weaknesses and help prioritize and address them, significantly strengthening your overall security posture.

In the realm of AI collaboration, Hugging Face reigns supreme. But could it be the target of model-based attacks? Recent JFrog findings suggest a concerning possibility, prompting a closer look at the platform’s security and signaling a new era of caution in AI research. The discussion on AI Machine Language (ML) models security is still not widespread enough, and this blog post aims to broaden the conversation around the topic.

A few years ago, REI embarked on its digital transformation and cloud migration journey, moving on-prem development environments to AWS. But, as REI’s development teams began this transition, their security counterparts noticed that application security just wasn’t keeping up. As a result, REI began another journey: identifying the right security tooling and cultural shifts for AppSec success.

ConnectWise ScreenConnect, a widely used remote desktop product, has recently been found vulnerable to two critical security flaws, assigned CVE numbers CVE-2024-1709 and CVE-2024-1708. These vulnerabilities, if exploited, can lead to remote code execution, potentially compromising sensitive data and critical systems. What’s more alarming is that reports are indicating active exploitation of these vulnerabilities in the wild.

In today's digital landscape, web applications and APIs are constantly under threat from malicious actors looking to exploit vulnerabilities. A common and dangerous attack is a SQL injection. In this blog, we will explore SQL injection vulnerabilities and attacks, understand their severity levels, and provide practical steps to prevent them. By implementing these best practices, you can enhance the security of your web applications and APIs.

While tech sector media coverage on cybersecurity has primarily focused in recent years on trends such as ransomware attacks, vulnerabilities in the DevOps chain, and the growing role of AI in combating threats, a quiet but significant development has been advancing under the radar on several fronts: we refer to the more assertive stance taken by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to elevate security best practices in government and the private sector.

ConnectWise urges organizations using an on-premises installation of the ScreenConnect remote monitoring and management software (formerly known as ConnectWise Control) to update servers to version 23.9.8 immediately due to a critical remote code execution vulnerability. The ScreenConnect remote desktop product is at risk due to a pair of vulnerabilities: CVE-2024-1709 and CVE-2024-1708.

Did you know that GitHub Copilot may suggest insecure code if your existing codebase contains security issues? On the other hand, if your codebase is already highly secure, Copilot is less likely to generate code with security issues. AI coding assistants can suggest insecure code due to their limited understanding of your specific codebase. They imitate learned patterns or utilize available context without providing judgment.