DDoS threat report for 2024 Q1
Welcome to the 17th edition of Cloudflare’s DDoS threat report. This edition covers the DDoS threat landscape along with key findings as observed from the Cloudflare network during the first quarter of 2024.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
An investigation into code injection vulnerabilities caused by generative AI
Generative AI is an exciting technology that is now easily available through cloud APIs provided by companies such as Google and OpenAI. While it’s a powerful tool, the use of generative AI within code opens up additional security considerations that developers must take into account to ensure that their applications remain secure. In this article, we look at the potential security implications of large language models (LLMs), a text-producing form of generative AI.
Understanding AI Package Hallucination: The latest dependency security threat
In this video, we explore AI package Hallucination. This threat is a result of AI generation tools hallucinating open-source packages or libraries that don't exist. In this video, we explore why this happens and show a demo of ChatGPT creating multiple packages that don't exist. We also explain why this is a prominent threat and how malicious hackers could harness this new vulnerability for evil. It is the next evolution of Typo Squatting.
New and Improved Packages from JumpCloud
IT professionals are the people who Make Work Happen™ throughout their organization — so it’s important they have the right tools at their fingertips. We believe that the best tools are those that can adapt to meet their needs as they evolve. This ethos drives the continual investment in the JumpCloud platform based on regular user input and feedback. As we’ve collected and acted upon customer feedback over the last couple of years, the JumpCloud platform has grown significantly.
Password Length vs Complexity: Which Is More Important?
In this video, learn about the differences between password length and complexity, which is more important, and four tips to improve password security in your organization. Learn more about: Resources and social media: Transcript: It’s no secret that passwords aren’t foolproof. In fact, the most common way that hackers infiltrate an organization is through stolen credentials. But until the day that everything has shifted to passwordless authentication, passwords are still necessary. So, how can we make them as strong and effective as possible?
Nightfall AI: The First AI-Native Enterprise DLP Platform
Legacy DLP solutions never worked. They're point solutions that generate an overwhelming number of false positive alerts, and block the business in the process. But no longer. Enter: Nightfall AI, the first AI-native enterprise DLP platform that protects sensitive data across SaaS, generative AI (GenAI), email, and endpoints, all from the convenience of a unified console.
Top 5 Myths About API Security and What To Do Instead
Discover the top five myths about API security and learn the effective strategies for protecting your digital assets. Understand why attacks are common, the limitations of perimeter security, and the importance of a zero trust model in this comprehensive overview. Uncover the realities of API security, from the prevalence of attacks to the challenges of relying on perimeter defenses. Learn why a zero trust approach and better developer engagement are key to robust API protection.
The NIST AI Risk Management Framework: Building Trust in AI
The NIST Artificial Intelligence Risk Management Framework (AI RMF) is a recent framework developed by The National Institute of Standards and Technology (NIST) to guide organizations across all sectors in the use of artificial intelligence (AI) and its systems. As AI continues to become implemented in nearly every sector — from healthcare to finance to national defense — it also brings new risks and concerns with it.
Driving Security: Integrating Automotive Cybersecurity with the IoT Landscape through WP.29 Standards
In today’s digital age, where cars have evolved into data centers on wheels within the Internet of Things (IoT) landscape, ensuring cybersecurity in the automotive industry has become paramount. The emergence of connected cars, a significant subset of IoT, brings with it a host of cybersecurity challenges, prompting regulators to take swift action. One such pivotal step is the establishment of WP.29 standards, revolutionizing automotive cybersecurity.
How to track and stop CVE-2024-3400: Palo Alto Networks API Exploit Causing Critical Infrastructure and Enterprise Epidemics
On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. A patch is expected to be available on April 14th. The advisory from Palo Alto is here. Palo Alto has marked this vulnerability as critical and NVD has scored it a 10.0 with CVSSv3. Wallarm currently detects attacks against this vulnerability with no additional configuration required.