DevOps

Beware of Expired or Compromised Code Signing Certificates

Krupa Patil | December 4, 2023 | Certificate expiry, code signing, code signing certificates, code signing keys, DEVOPS, Digital Signature, private keys

Given the alarming rise in software supply chain attacks and consumers growing more cyber-aware and security-conscious, software providers need to demonstrate a stronger commitment to securing their software and applications and fostering ...

Blogs Archive - AppViewX

Exposed Hugging Face APIs Opened AI Models to Cyberattacks

Jeffrey Burt | December 4, 2023 | AI cyberattacks, api, generative AI, Hugging Face, LLM

Security flaws found in both Hugging Face and GitHub repositories exposed almost 1,700 API tokens, opening up AI developers to supply chain and other attacks and putting a brighter spotlight on the ...

Security Boulevard

What Are AWS Service Control Policies (SCP)? A Complete Guide

Tally Shea | December 4, 2023 | DEVOPS, Governance Automation, Identity & IAM

The cloud is all about innovation at a speed never before possible. This can often lead to rapid development sprints and a proliferation of identities and infrastructure – and with that, excessive ...

Sonrai | Enterprise Cloud Security Platform

DevSecOps: A beginner’s guide

Aaron Linskens | December 4, 2023 | DEVOPS, DevSecOps journey, DevZone, shift left, Sonatype Lifecycle

Creating software can be at equal times challenging and rewarding. Developers face the unrelenting demand to deliver feature-rich applications and value to their users and customers. Open source components, which comprise up ...

Sonatype Blog

Application Security Trends & Challenges with Tanya Janca

Tom Eston | December 4, 2023 | Application Security, AppSec, career, Cyber Security, Cybersecurity, Data Privacy, developers, DEVOPS, DevSecOps, Digital Privacy, Episodes, hiring, Information Security, Infosec, jobs, Podcast, Podcasts, Privacy, security, Security Awareness, Security Education, Semgrep, Tanya Janca, technology, Weekly Edition, WeHackPurple

In this episode, noteworthy guest Tanya Janca returns to discuss her recent ventures and her vision for the future of Application Security. She reflects on the significant changes she has observed since ...

Shared Security Podcast

A spreadsheet list of integration commands you can use to build a phishing playbook using Office 365, CrowdStrike, Active Directory, Checkpoint, and Recorded Future

How to Build a Phishing Playbook Part 1: Preparation

Kartik Subramanian, Engineering | December 1, 2023 | Active Directory, Checkpoint Firewall, CrowdStrike, Cybersecurity, Incident Response, Office 365 Integration, OSINT, Phishing Attacks, Recorded Future, SOAR, SOAR platform

Automating response to phishing attacks remains one of the core use-cases of SOAR platforms. In 2022, the Anti-Phishing Working Group (APWG) logged ~4.7 million phishing attacks. Since 2019, the number of phishing ...

D3 Security

TikTok Ban Banned — Montana Loses in US Court

Richi Jennings | December 1, 2023 | Bytedance, china, chinese government, Donald Molloy, Montana, Privacy, SB Blogwatch, spyware, TikTok

For you plague, still: States can’t just ban apps, says federal judge ...

Security Boulevard

Customer Spotlight: Best Practices from Cimpress on Implementing JIT Access at Scale

Joyce Ling | December 1, 2023 | DEVOPS, Infosec

Explore how global company Cimpress is implementing Just-in-Time (JIT) Access at scale to enhance efficiency and security in their tech infrastructure. Conor Mancone, Principal Application Security Engineer at Cimpress, shares insights on ...

Blog | Akeyless

VirusTotal: Generative AI is Great at Detecting, Identifying Malware

Jeffrey Burt | December 1, 2023 | Cybersecurity, generative AI, malicious code, VirusTotal

Generative AI engines similar to OpenAI’s ChatGPT and Google’s Bard will become indispensable tools for enterprises and cybersecurity operations in detecting and analyzing malicious code in a real-world environment, according to researchers ...

Security Boulevard