Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Passwords, PINs, and codes aren’t just part of your online world. From hotel safes and Wi-Fi passwords to gym lockers and alarm codes, you often need access to data that’s tied to a specific location in the real world (and in the case of alarm codes, you need it in a hurry). Wouldn’t it make life so much easier if you had a simple, quick way to find those items exactly when and where you need them? Well, now you can, thanks to a new capability in the 1Password app.

In December 2024, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and International Partners published a guide for “protecting communications infrastructure” in response to the discovery that a stealthy Chinese government threat actor, Salt Typhoon, had infiltrated a number of US telecommunications firms.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! There’s that old saying about whatever you post on the internet will haunt you forever…

Software security is not a set-it-and-forget-it process, but regular monitoring is important. Now, the Open Web Application Security Project (OWASP) is a non-profit foundation that provides a wealth of information about web application security. They have provided a list of the Top 10 Web Application Security Risks.

Azure RBAC is basically a mature system of fine-grained access management for the Azure resources. Azure RBAC enables you to grant users, groups, service principals, and managed identities access to Azure resources, as a scope specifies. These scopes can be a subscription, a resource group, or even a single resource. RBAC assists in making sure that only approved users can control or manipulate particular resources and therefore shields Azure settings.

Ransomware-as-a-service is a business model where ransomware operators and third parties, called “affiliates,” work together to launch ransomware attacks. RaaS was first identified in 2012 with the Reveton ransomware strain, and in the subsequent decade it has exploded into a sophisticated and ever-evolving cybercrime tactic.

With collaboration and efficiency a top priority, Egnyte’s partnership with Microsoft is revolutionizing the way teams work together. Many organizations are already leveraging Microsoft Office products, and now it’s easier than ever for them to streamline their procurement process and get the most out of their technology investments. Starting today, Egnyte is available through the Microsoft Azure Marketplace!

Up to 27 days to fix a leaked secret? We feel your pain. Explore how contextual secrets management helps you take control, cut remediation time, and strengthen your security posture. Don't just detect, understand your secrets.

The Payment Card Industry Data Security Standard (PCI DSS) is a global security framework established by major credit card brands that outlines security requirements for any organization handling cardholder data, including encryption, access control, and network security. PCI DSS is regularly updated, and Version 4.0, effective March 2025, focuses on allowing organizations to tailor security controls to their specific needs.

In recent years, Transformer models have been the backbone of the revolution within the artificial intelligence sector. They are the basis of large language models (LLMs) and responsible for LLMs’ ability to understand and generate text of a human-like quality. Transformers are able to learn long-range interactions between words and sentences, allowing them to retain high-level concepts and insights into their training data.