On September 26th, 2024, details were released about several vulnerabilities in the Common Unix Printing System (CUPS) package. A total of four CVE’s (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177) have been released, affecting many Unix and Linux distributions. Three of the vulnerabilities are rated High, while one is rated Critical. If left unpatched, a remote attacker is able to execute arbitrary commands on the affected system.

Cloud attackers are swift and sophisticated, requiring robust threat detection and response programs that can keep pace with these malicious actors born in the cloud. They exploit the automation and scale of the cloud, along with new techniques, to accelerate all stages of an attack and inflict damage within minutes.

The European Union (EU) is leading the development of comprehensive cybersecurity regulations. These frameworks shape secure digital environments and protect businesses and citizens from cyber threats. For industry leaders and cybersecurity practitioners, especially those focused on cloud technologies, understanding and navigating these frameworks is key to maintaining compliance and gaining a competitive edge.

Disruptive technologies have a learning curve in the pace of adoption and implementation. Training and education tend to follow a slower schedule and can have a hard time keeping up with discoveries happening on the bleeding edge. This is part of what led to the current cloud security skill gap. The cloud transformed software development, accelerating innovation and the pace of human creativity. But, we now know that it also formed new security challenges.

Adversaries exploit security blind spots and sneak through traditional defenses to craft attacks that impact your operations, or even worse, your reputation. One recent example is the Revival Hijack supply-chain attack, where threat actors registered new PyPi projects with names of previously deleted packages. One way to counter this imminent threat is to “shift left,” or take ownership of the code’s security posture earlier in the development process.

Foundationally, the OWASP Top 10 for Large Language Model (LLMs) applications was designed to educate software developers, security architects, and other hands-on practitioners about how to harden LLM security and implement more secure AI workloads. The framework specifies the potential security risks associated with deploying and managing LLM applications by explicitly naming the most critical vulnerabilities seen in LLMs thus far and how to mitigate them.

In the fast-paced, large-scale world of digital business, establishing and managing an acceptable risk tolerance related to user identities — both human and machine — is a critical element of organizational security. At the forefront of this challenge is the need to strike the right balance between ensuring robust security and maintaining an environment that doesn’t impede innovation. After all, identities are the new perimeter in the cloud.

Following the Sysdig Threat Research Team’s (TRT) discovery of LLMjacking — the illicit use of an LLM through compromised credentials — the number of attackers and their methods have proliferated.

A challenging dynamic exists between the CISO and the Board of Directors. While both stakeholders focus on risk management, their approaches to risk and the language they use are notably different. Though regulations like the NIS2 directive and SEC cybersecurity disclosure rules have given CISOs a bigger seat at the table, the legal requirements and operational prioritization to meet them have exposed a difference in perspective and understanding between the two roles.