Connect with Microsoft at these cybersecurity events in 2024

Connect with Microsoft at these cybersecurity events in 2024

In the cybersecurity industry, there are many events to choose from. You as a cybersecurity professional are left wondering which events are worth your time. Each year, Microsoft hosts and participates in numerous events focused on equipping security professionals of all levels with the knowledge, skills, and tools you need to elevate your cybersecurity approach … Read more

3 new ways the Microsoft Intune Suite offers security, simplification, and savings

3 new ways the Microsoft Intune Suite offers security, simplification, and savings

The power of endpoint management Learn how to empower your workforce  Today, we are taking a significant step in completing the delivery of functionality we promised when we first unveiled the vision for the Microsoft Intune Suite.1 We are launching three new solutions: Microsoft Intune Enterprise Application Management, Microsoft Intune Advanced Analytics, and Microsoft Cloud … Read more

Bazel PoC attack highlights transitive vulnerability risk in custom GitHub Actions

Bazel PoC attack highlights transitive vulnerability risk in custom GitHub Actions

Security researchers demonstrated a software supply-chain attack that could have allowed them to backdoor the codebase of Bazel, a Google-developed open-source tool for automating software building and testing. The attack exploited vulnerabilities in a custom GitHub Action used by the project in its CI/CD workflows, highlighting how security issues can be inherited from third-party CI/CD … Read more

UN Cybercrime Treaty Could Endanger Web Security

Royal Hansen, Vice President of Privacy, Safety and Security Engineering This week, the United Nations convened member states to continue its years-long negotiations on the UN Cybercrime Treaty, titled “Countering the Use of Information and Communications Technologies for Criminal Purposes.”  As more aspects of our lives intersect with the digital sphere, law enforcement around the … Read more

How is IR sniping and AI changing the game in today’s ever-evolving threat situation?

How is IR sniping and AI changing the game in today’s ever-evolving threat situation?

In today’s rapidly evolving cybersecurity landscape, having a proficient security team in place is not enough. Organizations must understand the nuances of modern risks. The third and fourth episodes of the Unit 42 Threat Vector podcast shed light on two critical aspects: IR sniping and the disruptive role of AI in cyberattacks. These factors revolutionize … Read more

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Arrests in 0M SIM-Swap Tied to Heist at FTX?

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just filed for bankruptcy on that same day. A graphic … Read more

What is HTTP Request Smuggling and HTTP/2 Downgrading?

What is HTTP Request Smuggling and HTTP/2 Downgrading?

Have you heard of the term HTTP Request Smuggling? What about HTTP/2 Downgrading? Well, these are vulnerabilities that can be exploited by cybercriminals when there are issues between the front-end and back-end of websites. If left unresolved, these can result in some very dire consequences for any business. The IT Security Guru chatted with Love … Read more

Protect AI adds LLM support with open source acquisition

Protect AI adds LLM support with open source acquisition

AI and ML security platform Protect AI has integrated a widely used, open source large language model (LLM) security tool — LLM Guard — into existing offerings after acquiring its developer Laiyer AI. Available as a Python package accessible through a preferred installer program (PIP) package manager, LLM Guard is a security toolkit for LLM … Read more

US security agencies terminate China-backed hacking attempt

US security agencies terminate China-backed hacking attempt

The US administration has claimed to have stopped a China-sponsored attempt to place malware that could potentially damage the country’s critical infrastructure. “The hackers, Volt Typhoon, used privately owned SOHO [Small Office and Home Office] routers infected with the ‘KV Botnet’ malware to conceal the PRC [People’s Republic of China] origin of further hacking activities … Read more

Salt Security Joins AWS Lambda Ready Program

Salt Security Joins AWS Lambda Ready Program

Today, API security company Salt Security has announced that it has been accepted to the Amazon Web Services (AWS) Lambda Ready Program. Salt now supports and simplifies deployments to AWS Lambda, allowing customers to capture API traffic flowing through serverless environments using Amazon API Gateway, both REST and HTTP, with no risk for any latency or … Read more

jsplaces