In today’s age of rapidly increasing data collection, data privacy laws are becoming more prevalent than ever. The EU’s General Data Protection Regulation (GDPR) is considered the worldwide benchmark of data privacy law. While many countries have followed similar regulations, the United States does not have a GDPR equivalent. Instead of national standards and regulations, individual states pass their own privacy laws.

Often security engineers find it difficult to scale secure code review processes either due to lack of funding, adoption to smaller sprint cycles or even security engineers failing to integrate security to agile philosophy. This post talks about various ways to address such challenges.

The data protection landscape is changing. The rapid adoption of cloud and software as a service (SaaS) greatly affects the financial industry, where many institutions rely on SaaS vendors for data protection previously implemented in-house. Moody’s Analytics relies on cloud service providers (CSPs) to adequately protect its data, showcasing the need for scalability, industry cost controls, and flexibility.

GhostSec has reported a successful breach of the FANAP Behnama software, which they describe as the “Iran regime’s very own Privacy-invading software”. This breach has resulted in the exposure of approximately 20GB of compromised software. The group alleges that the Iranian government employs the software for citizen surveillance, representing a significant advancement in the nation’s surveillance capabilities.

As the number and severity of cybersecurity attacks rise each year, organizations are compelled to look for measures to protect sensitive data. The abundance of cybersecurity solutions on the market may create confusion and pressure, as choosing the wrong one may lead to security gaps. Many companies turn to data loss prevention (DLP) systems, since they have been on the market for years. But is a DLP system enough to protect your data?

The SafeBreach Labs team is committed to conducting original research to uncover new threats and ensure our Hacker’s Playbook provides the most comprehensive collection of attacks.

The integration of machine learning into software development is revolutionizing the field, automating tasks and generating complex code snippets at an unprecedented scale. However, this powerful paradigm shift also presents significant challenges including the risk of introducing security flaws into the codebase. This issue is explored in depth in the paper Do Users Write More Insecure Code with AI Assistants? by Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh.

Since Nightfall’s inception in 2018, we’ve made it our mission to equip companies with the tools that they need to encourage safe employee innovation. Today, we’re happy to announce that we’ve expanded Nightfall’s capabilities to protect sensitive data across generative AI (GenAI) tools and the cloud. Our latest product suite, Nightfall for GenAI, consists of three products: Nightfall for ChatGPT, Nightfall for SaaS, and Nightfall for LLMs.