Supply chain attacks, particularly those targeting continuous integration/continuous delivery (CI/CD) pipelines, are on the rise. It’s easy to think of these attacks as something that only happens to others, but the reality is that your organization is part of the supply chain too. Whether your company develops software for internal use, offers it as part of a service to your customers, or sells it as a product, you’re exposed.

The 2024 SANS Detection and Response Survey sheds new light on some all-too-familiar security challenges: security operations teams are overwhelmed with alerts, struggling to respond fast enough, and tracking the wrong KPIs. Sure, automation adoption is increasing (64% of organizations now leverage it in some capacity), but most SecOps teams are still operating in slow, reactive, and heavily manual environments.

With the rapid evolution of artificial intelligence (AI), attackers are now leveraging machine learning (ML) to mount sophisticated attacks on Application Programming Interfaces (APIs). These AI-powered threats, including adaptive bots, automated vulnerability scanning, and synthetic identity generation, represent a new wave of risks that traditional defenses are unable to address effectively.

As the gold standard for reliably storing files of varying types in the cloud, Amazon’s S3 has become synonymous with storage. While this widespread adoption is a sign of a good developer experience and reliable storage across the board, it also presents a unique opportunity for attackers looking to exploit multiple targets due to S3’s widespread adoption.

To keep pace with the scale and sophistication of cyber threats, organizations are re-evaluating how they secure the most common attack surface the endpoint. From laptops and servers to mobile devices, endpoints serve as entry points into business-critical systems. This is why Endpoint Detection and Response (EDR) tools are fast becoming a foundational layer in modern cyber defence strategies.

Cybersecurity Compliance Simplified: Governing Changing Rules and Reducing Risks cybersecurity-compliance-simplified-governing-changing-rules-and-reducing-risks Introduction With the increasing presence of sophisticated cyber threats, governments around the globe are enhancing regulations to safeguard sensitive information and key infrastructure. Not only do organizations have to be compliant with the regulations, but they also have to have sound risk management systems to safeguard their online assets.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Quite a persistent threat, but oddly sometimes easy to spot. How weird…

Read also: Alleged LockBit Developer Extradited From Israel To US, a cybercrime group dismantled in Ukraine, and more.