Discover how an overprovisioned SAS token exposed a massive 38TB trove of private data on GitHub for nearly three years. Learn about the misconfiguration, security risks, and mitigation strategies to protect your sensitive assets.
The best part of our job is the time we spend talking to Cloudflare customers. We always learn something new and interesting about their IT and security challenges. In recent years, something about those conversations has changed. More and more, the biggest challenge customers tell us about isn’t something that’s easy to define. And it’s definitely not something you can address with an individual product or feature.
What are AI Phishing Attacks? AI phishing attacks, also known as AI-powered phishing or AI-driven phishing, are sophisticated cyberattacks that leverage artificial intelligence and machine learning algorithms to craft and execute highly convincing phishing attempts. These attacks are designed to deceive individuals or employees into divulging sensitive information, such as login credentials, financial details, or personal data. How Do AI Phishing Attacks Work?
Build secure cloud-native applications by avoiding the top five security pitfalls we lay out in our Secure Cloud-native Development Series. This blog is the fifth and final part of the series, and it will teach you to handle credentials and secrets management best practices for securing cloud-native applications. Every organization has their way of managing credentials. In the past, with legacy application architectures, this was a bit more manual and arduous.
According to CSO the fines incurred for data breaches or non-compliance with security and privacy laws, for only a handful of companies, has cost $4.4 billion. The global average cost of a data breach in 2023 was $4.45 million, a 15% increase over 3 years (IBM). The challenge for organizations is how to safeguard sensitive information while adhering to the law, but without compromising innovation. Cyber threats loom large, affecting businesses in every industry.
In the dynamic landscape of modern web applications and organizations, access control is critical. Defining who can do what within your Cloudflare account ensures security and efficient workflow management.
As a senior consultant I deal with customers across numerous industries and maturity levels. I am often engaged in conducting risk assessments or gap analysis aligned with common frameworks such as the National Institute for Standards and Technology’s (NIST) Cybersecurity Framework (CSF). Most, if not all, the frameworks have a few controls that focus on the organization’s backup processes and disaster recovery plans.
Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.