Not too long ago, during an executive briefing, I was asked a thought-provoking question by the CISO of a large airline in the US. He asked, “Brijesh, microsegmentation solutions have existed for a decade. Based on your experience, can you tell me why so many microsegmentation projects fail, and why it is so difficult to achieve microsegmentation across hybrid IT … [Read more...] about Guide for a Successful Microsegmentation Project
Project
Google Introduces Project Naptime for AI-Powered Vulnerability Research
Jun 24, 2024NewsroomVulnerability / Artificial Intelligence Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target codebase," Google … [Read more...] about Google Introduces Project Naptime for AI-Powered Vulnerability Research
Meet K8sGPT Open Source Project
Troubleshooting within Kubernetes environments can be a daunting task. If we could only have a magical artificial intelligence advisor that could gather all the data about what goes on the system, and tell me what’s wrong, and even how to solve it. Wouldn’t it be nice?K8sGPT is a young open source project that uses generative AI to give Kubernetes superpowers to everyone. It … [Read more...] about Meet K8sGPT Open Source Project
OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
Apr 16, 2024NewsroomSupply Chain / Software Security Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, … [Read more...] about OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
CrowdStrike Sponsors New MITRE Cloud Analytics Project
Fourteen key cloud analytics for Azure and GCP cloud environments were identified and mapped as indicative of adversary behavior and serve as a blueprint for understanding and writing new cloud analytics. The CrowdStrike Falcon® platform delivers a powerful combination of agentless capabilities to protect against misconfigurations and control plane attacks, along with … [Read more...] about CrowdStrike Sponsors New MITRE Cloud Analytics Project
Google Launches GUAC Open Source Project to Secure Software Supply Chain
Google on Thursday announced that it's seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain. "GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata," … [Read more...] about Google Launches GUAC Open Source Project to Secure Software Supply Chain
Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021
Google Project Zero called 2021 a "record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, only 25 0-day exploits were detected in 2020. "The large uptick in in-the-wild 0-days … [Read more...] about Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021
Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "successful attack," which is believed to have occurred last week, was mounted … [Read more...] about Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
Minnesota University Apologizes for Contributing Malicious Code to the Linux Project
Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project's code, which led to the school being banned from contributing to the open-source project in the future. "While our goal was to improve the security of Linux, we now understand that it was hurtful to the … [Read more...] about Minnesota University Apologizes for Contributing Malicious Code to the Linux Project
A Self-Service Password Reset Project Can Be A Quick Win For IT
Since the beginning of this year, organizations' IT staff have faced numerous challenges and an increased workload as a result of the global pandemic and shift to a mainly remote workforce. Supporting end-users that are now working from home has introduced new challenges in troubleshooting since it isn't as simple as visiting an end user's desk to resolve issues as they … [Read more...] about A Self-Service Password Reset Project Can Be A Quick Win For IT