Day: November 14, 2023
-
Microsoft Patch Tuesday, November 2023 Edition
Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month include CVE-2023-36025, a weakness that allows malicious content to bypass the Windows SmartScreen…
-
Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent
A new attack campaign deploys malicious container images on cloud servers by exploiting insecure Docker Engine API endpoints. The malicious image contains a distributed denial-of-service (DDoS) botnet implant written in Python. “Once a valid endpoint is discovered, it’s trivial to pull a malicious image and launch a container from it to carry out any conceivable…
-
Code-to-cloud: Achieving complete cloud security
In the last decade, the technology industry experienced a massive shift toward the cloud where every company no matter the industry developed and deployed cloud-native applications. This pace shows no sign of stopping; we have an app economy – now bolstered by AI-led developments. Data reflects this momentum, with worldwide public cloud spending expected to…
-
New Synopsys Research Reveals a Decrease in Software Vulnerabilities
Today, Synopsys has released its 2023 Software Vulnerability Snapshot report, showcasing a notable decline in vulnerabilities within target applications. The Synopsys Cybersecurity Research Center (CyRC) analysed the data, revealing a decrease from 97% in 2020 to 83% in 2022. This positive trend suggests that practices such as code reviews, automated testing, and continuous integration are…
-
Centripetal Launches Global Partner Program
Today, threat intelligence powered cybersecurity pros Centripetal have launched their partner program to protect organisations around the world by operationalising threat intelligence to safeguard them from every known cyberthreat. The Centripetal Global Partner Program gives organisations the opportunity to implement a stronger approach to cybersecurity, putting operationalised threat intelligence at the forefront, moving from a…
-
Streaming and longer context lengths for LLMs on Workers AI
Workers AI is our serverless GPU-powered inference platform running on top of Cloudflare’s global network. It provides a growing catalog of off-the-shelf models that run seamlessly with Workers and enable developers to build powerful and scalable AI applications in minutes. We’ve already seen developers doing amazing things with Workers AI, and we can’t wait to…
-
How to Protect Businesses From Holiday Season Cyber Scams
During the Black Friday and Cyber Monday sales this year, Brits plan to spend an estimated £3 billion, with over half of UK adults (51%) planning to splash the cash over the holiday weekend. But it’s not just a lucrative time of year for businesses. Cybercriminals also look to take advantage of the increased traffic…
-
As perimeter defenses fall, the identify-first approach steps into the breach
By nearly all accounts, security leaders are increasingly shifting their focus from perimeter defenses such as the long-relied-upon firewall in favor of embracing a zero-trust approach. That, in turn, has put the need for strong identity programs front and center, and more specifically has boosted the identity-first strategy into the mainstream. Research confirms as much.…
-
ACSC and CISA launch step-by-step business continuity instructions for SMBs
Business Continuity in a Box, a set of instructions to help organizations to maintain or re-establish basic operations during or after a cyber incident, has been published by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the US Cybersecurity and Infrastructure Security Agency (CISA). Its aim is to assist businesses to establish…