Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Server-Side Template Injection Vulnerability in Confluence Data Center and Server (CVE-2023-22527)

On January 16, 2024, Atlassian issued a significant alert on a critical Server-Side Template Injection (SSTI) vulnerability in Confluence Data Center and Server, identified as CVE-2023-22527. This issue, found in older versions, poses a serious risk as it allows attackers without any authentication to inject OGNL expressions. This means they could potentially run any code they want on the compromised system.

The Security Edge: Online Faxing with Mobile Apps vs. Traditional Faxing

Businesses are constantly seeking more efficient and secure ways to handle their communication needs. One aspect that has evolved significantly is faxing, with online faxing through mobile apps emerging as a secure alternative to traditional methods. In this article, we'll explore why online faxing with mobile apps is more secure than its traditional counterpart.

Forget Deepfake Audio and Video. Now There's AI-Based Handwriting!

Researchers have developed AI technology that can mimic someone’s handwriting with only a few paragraphs of written content. Experts worry about the possibility of misuse. The Mohamed bin Zayed University of Artificial Intelligence (MBZUAI) in Abu Dhabi announced they have developed handwriting AI based on a neural network designed to learn context and meaning in sequential data.

How to steal intellectual property from GPTs

A new threat vector discovered by Cato Research could reveal proprietary information about the internal configuration of a GPT, the simple custom agents for ChatGPT. With that information, hackers could clone a GPT and steal one’s business. Extensive resources were not needed to achieve this aim. Using simple prompts, I was able to get all the files that were uploaded to GPT knowledge and reveal their internal configuration.

Introducing the Wallarm 2024 API ThreatStats™ Report

The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API and application security practitioners. It emphasizes the need for a proactive stance in API security, advocating for continuous monitoring, regular updates, and the adoption of the latest advanced security solutions.

Runtime Is The Way

The cloud security market has been totally bizarre ever since it started. Why are we being given a Python script to count our workloads? How do we handle sending alerts like “new unencrypted database” to a SOC? What’s the difference between this tool and the open source options? We’re all learning together about the new processes, tools, and deployments that would define the future.

Locked and Loaded: Essential Tips to Fortify Mobile App Security

You've built a stellar app, but have you thought about its security? In today's cyber jungle, it's not only savvy but vital to protect the data in your app from threats. Dive into the essential tips to fortify mobile app security. Learn about app analytics and secure coding, and make your app functional and, most importantly, secure.

Five worthy reads: Making AI functionality transparent using the AI TRiSM framework

Five worthy reads is a regular column on five noteworthy items we have discovered while researching trending and timeless topics. This week, we will explore the pivotal role of the AI trust, risk, and security management (AI TRiSM) framework in safeguarding the functionality of AI and understand why it is crucial for our protection. Any relationship needs to be fortified with trust to be successful. The human-AI relationship is not an exception.

Reflecting on the GDPR to celebrate Privacy Day 2024

Just in time for Data Privacy Day 2024 on January 28, the EU Commission is calling for evidence to understand how the EU’s General Data Protection Regulation (GDPR) has been functioning now that we’re nearing the 6th anniversary of the regulation coming into force. We’re so glad they asked, because we have some thoughts. And what better way to celebrate privacy day than by discussing whether the application of the GDPR has actually done anything to improve people’s privacy?

Retail in the Era of AI: An Industry Take on Splunk's 2024 Predictions

Macro technology trends have always impacted and influenced every aspect of the retail industry. From the days of catalog ordering and cash-only transactions to today’s personalized, always-on omnichannel experiences where contactless payment has become the norm - the world of retail is almost unrecognizable.