Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2024

How to Navigate Data Security in the GenAI Era

Since its mainstream emergence in 2022, generative AI has triggered a seismic shift in data management and security. It is estimated that one in four employees now uses genAI apps daily, often unbeknownst to their employer and IT team. This raises concerns, as genAI is designed with a voracious appetite for consuming both mundane and sensitive data. Effectively securing your data as genAI becomes prevalent is a strategic imperative.

How CMMC Will Improve Your Cybersecurity Posture

In the ever-evolving landscape of cybersecurity, safeguarding critical data from unauthorized access is paramount. Our recent webinar, “Shut the Front Door,” provided invaluable insights aimed at business leaders, operations executives, and IT managers within the government contracting community, emphasizing the necessity of robust access control measures and adherence to regulations like the FAR, DFARS, and NIST 800-171.

Secrets in Plain Sight: Unveiling over 1 million secrets on public websites

Join us at CodeSecDays for an insightful session with Cybernews researcher Vincentas Baubonis, who will reveal how their team discovered 1,141,004 secrets across 58,364 websites. Learn how exposed environment (.env) files containing passwords, API keys, and email credentials can lead to data breaches and site takeovers. We’ll discuss common leaked secrets like database credentials and AWS keys, and their impact, and share research methodology, ethical considerations, and steps to prevent exposure.

Random but Memorable - Bonus Episode: Fireside Chat with Sara Teare & Adamaka Ajaelo

Surprise! Tune in for our special bonus episode, as we host a founder-to-founder fireside chat. Join 1Password founder Sara Teare and Self-eSTEM founder Adamaka Ajaelo as they share their personal experiences as women in STEM careers and the things they've learned along the way. Settle in and learn how you can overcome some of the common challenges when working in the cybersecurity industry. We hope you enjoy this bonus episode!

Exploring generative AI guardrails: The Tines approach

Innovation rarely starts with acknowledging the restrictions. It’s only after you’ve fleshed out the practical concepts that you begin to understand how they can align with the predefined boundaries, ensuring that your final product is both useful and compliant. This dynamic process encourages a more organic pathway to discovery, leading to solutions that are not only innovative but also viable within the given constraints.

Useful questions to navigate the TIP vendor landscape

In today’s escalating threat landscape, Security Operations Center (SOC) teams face a constant cat-and-mouse battle against adversaries as they try to stay one step ahead. This situation isn’t helped by the fragmented tools, multiple data feeds, and data silos they must contend with. Likewise, with so many security vendors out there with different approaches and solutions, how do they know which cybersecurity solutions they should be investing in?

Want Your Third Parties To Take Security Seriously?

In the last decade, outsourcing to third parties–especially in the gig economy–has taken over key functions that enterprises used to handle internally. Today’s companies are frequently virtual–using third-party services that span the likes of application development, back-office corporate functions, contract manufacturing and research, marketing, and core IT services.

Superior Integrity Monitoring: Getting Beyond Checkbox FIM

Contrary to what one might expect, creating a File Integrity Monitoring (FIM) system is pretty easy. Practically anyone with a modicum of Python, Perl, or development skills can write an app or script to gather a file's checksum, compare it to a list or baseline, and tell you whether or not said file has changed. But creating a good FIM solution is hard. Many inadequate checkbox File Integrity Monitoring solutions are on the market because while detecting change is easy, reconciling it is not.

Likely Disclosure Inconsistencies With Massive Snowflake Data Breach

After unearthing evidence as early as May 2024, cloud computing company Snowflake released an official statement on June 2, reporting that they were investigating a series of targeted cyber events. A week later, Google's Mandiant, which, alongside CrowdStrike, is aiding Snowflake in this investigation, concluded that clients had been attacked after malicious actors had gotten access to compromised credentials.

OpenStack vs. Kubernetes: Building Resilient Cloud Infrastructure

In cloud computing, two platforms stand out: OpenStack and Kubernetes. OpenStack, an infrastructure-as-a-service (IaaS) platform, enables the creation and management of virtualized data centers that cater to diverse workloads. Kubernetes, a container orchestration platform, excels at managing large-scale, distributed applications, facilitating rapid deployment and scaling. The OpenStack vs.

Chip maker launches probe into data theft amid cybersecurity concerns

American chip giant Advanced Micro Devices, Inc. (AMD) announced that it has launched a probe into a data breach that occurred early this month, carried out by a cybercriminal group called Intelbroker, in which several private documents and other information were stolen. In a statement to media outlets, a company spokesperson said that AMD is working closely with the authorities and a third-party hosting partner to investigate the impact of the breach.

New Critical GitLab Vulnerability Threatens Software Development Security

A critical vulnerability in GitLab, a widely used Git repository platform, has been discovered, threatening the integrity of software development pipelines. GitLab has urged users running vulnerable versions to patch CVE-2024-5655 immediately to prevent potential CI/CD malfeasance.

GitLab's Latest Security Patch

GitLab, second only to GitHub in popularity, recently released updates for its Community (open source) and Enterprise Editions.