Securing generative AI: 5 action items to protect your organization
Generative AI applications can be a rich source of opportunity for increased productivity and innovation for organizations. At the same time, they are fast becoming a headache for security teams. In a recent report, titled "The State of Attacks on GenAI," Pillar Security cautioned that "the unchecked proliferation of AI ... Read More
Census III study spotlights ongoing open-source software security challenges
Backward incompatibilities, the lack of standard schemas for components, and projects staffed by too few developers are just some of the risks threatening the security of free and open-source software (FOSS), a study released by the Linux Foundation, the Open Source Security Foundation (OpenSSF), and Harvard University has found ... Read More
U.K. cybersecurity chief warns of gap between risks and defenses
A warning issued by the new head the United Kingdom's National Cyber Security Centre (NCSC) should be sobering to cybersecurity pros everywhere. Speaking at the agency's headquarters on Tuesday, Richard Horne declared that the cyber-risks faced by his nation and its allies are widely underestimated. ... Read More
AI-based fuzzing targets open-source LLM vulnerabilities
Google recently announced a milestone in finding vulnerabilities in open-source software using automated fuzzing tools enhanced by artificial intelligence (AI). Twenty-six new vulnerabilities — including a critical one in the OpenSSL library — were discovered in open-source projects. All were found using AI-generated and -enhanced fuzz targets ... Read More
CISA’s secure software deployment push: Key takeaways for AppSec teams
In July, a botched software update by CrowdStrike led to millions of Windows systems crashing worldwide, resulting in $10 billion in financial damage, by some estimates. Recent guidance released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Australian Signals Directorate aims at preventing another such ... Read More
OWASP Top 10 for LLM and new tooling guidance targets GenAl security
New guidance for organizations seeking to protect the generative AI tools they're running has been released by the OWASP Top 10 LLM Applications Security Project ... Read More
NIST’s NICE: 3 ways to adapt the hiring framework for modern threats
The National Initiative for Cybersecurity Education's cybersecurity hiring framework may be a good place to start when putting together a solid security team. However, some changes are needed for NICE to equip teams with the knowledge, skills — and distinct roles — to enhance your software supply chain security (SSCS) ... Read More
OWASP’s Dependency-Check tool update: Key changes — and limitations
The Open Web Application Security Project (OWASP) has released a new version of its dependency-check tool, which can identify known vulnerabilities in third-party software components, measure and enforce policy compliance, respond to identified vulnerabilities, prioritize vulnerability mitigation, triage findings and policy violations, and produce a CycloneDX-based software bill of materials ... Read More
AI and cybersecurity: Modernize your SecOps to tackle today’s threats
Much has been written about the threats artificial intelligence (AI) can pose to an organization's security, but the technology can be transformative for security teams as well, helping them tackle the key challenges they face. In recent keynote speeches at BSides and RVAsec, Caleb Sima, chair of the Cloud Security ... Read More
