Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

External cybersecurity threats are a well-known problem, but organizations should also be aware of managerial insider threats. These threats originate from individuals with privileged access and authority and can cause devastating damage to an organization’s data, reputation, and bottom line. In this guide, we’ll examine managerial insider threats and offer insights and strategies you can use to detect, prevent, and mitigate these risks.

Veracode is pleased to announce the general availability of our new Azure DevOps Workflow integration. This new integration provides our customers using Azure DevOps Services with easy-to-configure, event-driven security testing of their application and infrastructure code managed in their Azure DevOps Repos.

Patches are a way of life for any network administrator and are the most efficient method in place to ensure systems are running the most up-to-date and secure versions of their various software applications. For the most part, updates take place behind the scenes, with the average person only noticing a patch being installed when they are asked to reboot their machine to install the new version.

In early 2021, a new vulnerability, identified as CVE-2021-27928, was discovered and published. It affects multiple versions of the open-source relational database management systems (RDMBS) MariaDB and Percona Server, and the wsrep (write set replication) plugin for MySQL. Fortunately, security professionals swiftly released a patch to ensure that affected systems could be updated to mitigate risks.

Over the past three years, the second Tuesday of each month has turned into a hectic period of planning and remediation, driven by a 25% average annual growth rate in CVEs. Just last Tuesday, Microsoft revealed a critical TCP/IP remote code execution (RCE) vulnerability in the IPv6 stack, which has a CVSS score of 9.8 due to its criticality and ease of exploitation. For a more in-depth look, we recommend these resources.

OpenAI has launched a prototype called SearchGPT, a new AI-driven search tool that integrates advanced AI capabilities with real-time web information. This temporary prototype, currently available to a select group of users and publishers, aims to enhance how people find information online by providing fast, accurate answers with precise citations. The ultimate goal is to gather feedback and refine these features before integrating them into the broader ChatGPT platform.

Meta has announced the launch of Purple Llama, an umbrella project promoting open trust and safety in generative AI. The project features tools and evaluations designed to enable developers to deploy generative AI models and experiences responsibly in line with best practices outlined in Meta’s Responsible Use Guide.

FoondaMate, a rapidly growing AI-powered study aid known as “study buddy” in Zulu, has become an indispensable resource for middle and high school students in emerging markets. Leveraging the advanced capabilities of Meta’s Llama technology, this virtual assistant provides conversational support via WhatsApp and Messenger, helping students with schoolwork and academic challenges.

When navigating between all your devices, one term you may have been asked to provide or seen on your tech travels—perhaps when setting up a Wi-Fi connection or troubleshooting— is the network key. A network key functions like a Wi-Fi password to secure your internet connection via a Wi-Fi router or anywhere else. As we know, anything that connects to the Internet requires a strong password to protect it from leaks, hacks, or breaches, and for that, you will need a strong network key.

I’m back from another Black Hat! It was great seeing everyone. I put out a message on LinkedIn for people to come find me and, boy, did they. The hallway conversations were so engaging, I was sometimes late getting to the official talks, but I’m getting ahead of myself. AI was everywhere, as we’d expect, but I also sat down to listen to experts on other topics like critical infrastructure, cyber insurance, and the root causes of cybersecurity failure.