Related News

Disclosure Yealink Cloud vulnerabilities

  • Published date: 2025-06-24 03:11:13

Posted by Jeroen Hermans via Fulldisclosure on Jun 23

Dear all,

---Abstract---
Yealink RPS contains several vulnerabilities that can lead to leaking of PII and/or MITM attacks. Some vulnerabilities are unpatched even after disclosure to the manufacturer. --…

From: Jeroen Hermans via Fulldisclosure <fulldisclosure () seclists org>
Date: Sat, 21 Jun 2025 09:46:55 +0200

Dear all,

---Abstract---
Yealink RPS contains several vulnerabilities that can l… [+7479 chars]

How Sonatype leads in AI component analysis for supply chain security

  • Published date: 2025-06-24 00:00:00

<p>From generative AI tools to pre-trained machine learning models, AI is rapidly transforming how software is developed.</p>
<p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.sonatype.com/blog">2024 Sonatype Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Aaron Linskens">Aaron Linskens</a>. Read the original post at: <a href="https://www.sonatype.com/blog/how-sonatype-leads-in-ai-component-analysis-for-supply-chain-security">https://www.sonatype.com/blog/how-sonatype-leads-in-ai-component-analysis-for-supply-chain-security</a></p>

LinuxFest Northwest: GNU/Linux Loves All

  • Published date: 2025-06-24 00:00:00

<p>Author/Presenter: Timmy Barnett (GNU Philosopher)</p>
<p>Our sincere appreciation to <strong><a href="https://www.linuxfestnorthwest.org/">LinuxFest Northwest</a></strong> (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb <strong><a href="https://www.youtube.com/playlist?list=PLjDc7gDlIASRAcG0cxWYOnNGwFnykUMNZ">LinuxFest Northwest 2025</a></strong> video content. Originating from the conference’s events located at the <strong><a href="https://www.btc.edu/">Bellingham Technical College in Bellingham, Washington</a></strong>; and via the organizations <strong><a href="https://www.youtube.com/@LinuxFestNorthwest">YouTube</a></strong> channel.</p>
<p>Thanks and a Tip O’ The Hat to <strong><a href="https://www.verificationlabs.com/trey.html">Verification Labs</a></strong> :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the <strong><a href="https://www.linuxfestnorthwest.org/">LinuxFest Northwest</a></strong> conference.</p>
<p><a href="https://www.infosecurity.us/blog/2025/6/24/linuxfest-northwest-gnulinux-loves-all">Permalink</a></p>
<p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/wmo7lLr3wBM?si=UxJL-2sqDji9L-vH">https://www.youtube-nocookie.com/embed/wmo7lLr3wBM?si=UxJL-2sqDji9L-vH</a></p>

Anton’s Security Blog Quarterly Q2 2025

  • Published date: 2025-06-24 00:00:00

<p>Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. <a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q3-2023-fcad66cbbca0">As before</a>, this covers both <a href="https://medium.com/anton-on-security">Anton on Security</a> and my posts from <a href="https://cloud.google.com/blog/">Google Cloud blog</a>, and our <a href="https://cloud.withgoogle.com/cloudsecurity/podcast/">Cloud Security Podcast</a> (<a href="https://open.spotify.com/show/12WPC7aW5kd0kKSyrpgnHI">subscribe</a>).</p>
<p><strong>Top 10 posts with the most lifetime views (excluding paper announcement blogs):</strong></p>
<ol> <li><a href="https://medium.com/anton-on-security/antons-alert-fatigue-the-study-0ac0e6f5621c'">Anton’s Alert Fatigue: The Study</a><strong> </strong>[<em>A.C. — wow, this is #1 now! awesome!</em>]</li> <li><a href="https://medium.com/anton-on-security/security-correlation-then-and-now-a-sad-truth-about-siem-fc5a1afb1001">Security Correlation Then and Now: A Sad Truth About SIEM</a></li> <li><a href="https://medium.com/anton-on-security/can-we-have-detection-as-code-96f869cfdc79">Can We Have “Detection as Code”?</a></li> <li><a href="https://medium.com/anton-on-security/detection-engineering-is-painful-and-it-shouldnt-be-part-1-3641d8740458">Detection Engineering is Painful — and It Shouldn’t Be (Part 1)</a></li> <li><a href="https://medium.com/anton-on-security/back-in-2015-while-working-on-a-gartner-soc-paper-i-coined-the-concept-of-soc-nuclear-triad-8961004c734">Revisiting the Visibility Triad for 2020</a> (update for 2025 is coming soon)</li> <li><a href="https://medium.com/anton-on-security/beware-clown-grade-socs-still-abound-7b6b9d1f9304">Beware: Clown-grade SOCs Still Abound</a></li> <li><a href="https://medium.com/anton-on-security/why-is-threat-detection-hard-42aa479a197f%5D">Why is Threat Detection Hard?</a></li> <li><a href="https://medium.com/anton-on-security/a-soc-tried-to-detect-threats-in-the-cloud-your-wont-believe-what-happened-next-4a2ba0ab5d81">A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next</a></li> <li><a href="https://medium.com/anton-on-security/one-of-the-most-common-questions-i-received-in-my-analyst-years-of-covering-siem-and-other-3480cb755a3e">Top 10 SIEM Log Sources in Real Life?</a> [<a href="https://medium.com/anton-on-security/one-more-time-on-siem-telemetry-log-sources-b0a88572dac9">updated/modified version</a>]</li> <li><a href="https://medium.com/anton-on-security/how-to-think-about-threat-detection-in-the-cloud-1baff902afe5">How to Think about Threat Detection in the Cloud</a></li> </ol>
<p><strong>Top 5 posts with paper announcements:</strong></p>
<ul> <li><a href="https://medium.com/anton-on-security/new-paper-future-of-the-soc-soc-people-skills-not-tiers-7fbe09001096">New Paper: “Future of the SOC: SOC People — Skills, Not Tiers”</a></li> <li><a href="https://medium.com/anton-on-security/new-paper-future-of-the-soc-evolution-or-optimization-choose-your-path-paper-4-of-4-5-1eb477ea8d25">New Paper: “Future of the SOC: Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5)</a> (one more paper coming in 2025)</li> <li><a href="https://medium.com/anton-on-security/new-paper-future-of-the-soc-forces-shaping-modern-security-operations-8d7b221bc326">New Paper: “Future of the SOC: Forces shaping modern security operations”</a></li> <li><a href="https://medium.com/anton-on-security/new-paper-future-of-the-soc-process-consistency-and-creativity-a-delicate-balance-paper-3-of-f73fe653c04d">New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4)</a></li> <li><a href="https://medium.com/anton-on-security/new-paper-autonomic-security-operations-10x-transformation-of-the-security-operations-center-daf779fc4a30">New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center”</a> (the classic 2021 ASO paper!)</li> <li><a href="https://medium.com/anton-on-security/new-paper-future-of-soc-transform-the-how-paper-5-0de3caa72971">New Paper: “Future of SOC: Transform the ‘How’” (Paper 5)</a></li> <li><a href="https://medium.com/anton-on-security/new-paper-securing-ai-similar-or-different-91f3bdac1eff">New Paper: “Securing AI: Similar or Different?“</a> (update for 2025 coming soon!)</li> </ul>
<p><strong>NEW: recent 3 fun posts, must-read:</strong></p>
<ul> <li><a href="https://medium.com/anton-on-security/antons-alert-fatigue-the-study-0ac0e6f5621c">Anton’s Alert Fatigue: The Study</a> (long!)</li> <li><a href="https://medium.com/anton-on-security/a-brief-guide-for-dealing-with-humanless-soc-idiots-3c2f1a5b26e9">A Brief Guide for Dealing with ‘Humanless SOC’ Idiots</a></li> <li><a href="https://medium.com/anton-on-security/the-return-of-the-baby-aso-why-socs-still-suck-07e66f2ee023">The Return of the Baby ASO: Why SOCs Still Suck?</a></li> <li><a href="https://medium.com/anton-on-security/15-years-of-loading-threat-intel-into-siem-why-does-this-still-suck-37e5e5653828">15+ Years of Loading Threat Intel into SIEM: Why Does This Still Suck?</a></li> </ul>
<p><strong>Top 7 </strong><a href="https://cloud.withgoogle.com/cloudsecurity/podcast/"><strong>Cloud Security Podcast by Google</strong></a><strong> episodes (excluding the oldest 3!):</strong></p>
<ol> <li><a href="https://cloud.withgoogle.com/cloudsecurity/podcast/ep75-how-we-scale-detection-and-response-at-google-automation-metrics-toil/">EP75 How We Scale 
Detection and Response at Google: Automation, Metrics, Toil</a> (our best episode! officially!)</li> <li><a href="https://cloud.withgoogle.com/cloudsecurity/podcast/zero-trust-fast-forward-from-2010-to-2021/">EP8 Zero Trust: Fast Forward from 2010 to 2021</a></li> <li><a href="https://cloud.withgoogle.com/cloudsecurity/podcast/modern-threat-detection-at-google/">EP17 Modern Threat Detection at Google</a></li> <li><a href="https://cloud.withgoogle.com/cloudsecurity/podcast/ep47-megatrends-macro-changes-microservices-oh-my-changes-in-2022-and-beyond-in-cloud-security/">EP47 “Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security”</a></li> <li><a href="https://cloud.withgoogle.com/cloudsecurity/podcast/ep153-kevin-mandia-on-cloud-breaches-new-threat-actors-old-mistakes-and-lessons-for-all/">EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons for All</a></li> <li><a href="https://cloud.withgoogle.com/cloudsecurity/podcast/ep109-how-google-does-vulnerability-management-the-not-so-secret-secrets/">EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!</a></li> <li><a href="https://cloud.withgoogle.com/cloudsecurity/podcast/ep150-taming-the-ai-beast-threat-modeling-for-modern-ai-systems-with-gary-mcgraw/">EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw</a></li> </ol><p>Now, fun posts by topic.</p><p><strong>Security operations / detection &amp; response:</strong></p><ul> <li><a href="https://medium.com/anton-on-security/security-correlation-then-and-now-a-sad-truth-about-siem-fc5a1afb1001">“Security Correlation Then and Now: A Sad Truth About SIEM”</a></li> <li>“<a href="https://medium.com/anton-on-security/migrate-off-that-old-siem-already-0740b735a288">Migrate Off That Old SIEM Already!</a>” (<a href="https://youtu.be/S-11_syclZ8?si=UBSjhceqF6FBBp4N">VIDEO!</a>)</li> <li><a 
href="https://www.googlecloudcommunity.com/gc/Community-Blog/The-SOC-Metrics-that-Matter-or-Do-They/ba-p/873173">“Measuring the SOC: What Counts and What Doesn’t in 2025?”</a> (Google Cloud Blog)</li> <li><a href="https://medium.com/anton-on-security/can-we-have-detection-as-code-96f869cfdc79">“Can We Have “Detection as Code”?”</a></li> <li><a href="https://medium.com/anton-on-security/back-in-2015-while-working-on-a-gartner-soc-paper-i-coined-the-concept-of-soc-nuclear-triad-8961004c734">“Revisiting the Visibility Triad for 2020”</a></li> <li>“<a href="https://medium.com/anton-on-security/beware-clown-grade-socs-still-abound-7b6b9d1f9304">Beware: Clown-grade SOCs Still Abound</a>”</li> <li><a href="https://medium.com/anton-on-security/why-is-threat-detection-hard-42aa479a197f">“Why is Threat Detection Hard?”</a></li> <li><a href="https://medium.com/anton-on-security/a-soc-tried-to-detect-threats-in-the-cloud-your-wont-believe-what-happened-next-4a2ba0ab5d81">“A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next”</a></li> <li><a href="https://medium.com/anton-on-security/stop-trying-to-take-humans-out-of-soc-except-wait-wait-wait-e19c5887ef2f">“Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…”</a></li> <li><a href="https://medium.com/anton-on-security/one-of-the-most-common-questions-i-received-in-my-analyst-years-of-covering-siem-and-other-3480cb755a3e">“Top 10 SIEM Log Sources in Real Life?”</a> (<a href="https://medium.com/anton-on-security/one-more-time-on-siem-telemetry-log-sources-b0a88572dac9">NEWER VERSION</a>)</li> <li><a href="https://medium.com/p/992bfe095334">“Debating SIEM in 2023, Part 1”</a></li> <li><a href="https://medium.com/anton-on-security/debating-siem-in-2023-part-2-4f46e93faaf0">“Debating SIEM in 2023, Part 2”</a></li> <li><a href="https://medium.com/anton-on-security/log-centralization-the-end-is-nigh-b28efaa98379">“Log Centralization: The End Is Nigh?”</a></li> <li><a 
href="https://medium.com/anton-on-security/how-to-make-threat-detection-better-c38f1758b842">“How to Make Threat Detection Better?”</a></li> <li><a href="https://medium.com/anton-on-security/siem-content-false-positives-and-engineering-or-not-security-4a1dfecc136c">“SIEM Content, False Positives and Engineering (Or Not) Security”</a></li> <li><a href="https://cloud.google.com/blog/products/identity-security/modern-secops-masterclass-now-available-on-coursera">“Modern SecOps Masterclass: Now Available on Coursera”</a></li> </ul><p>(if you only read one, choose <a href="https://medium.com/anton-on-security/can-we-have-detection-as-code-96f869cfdc79">this one</a>!)</p><p><strong>Cloud security:</strong></p><ul> <li><a href="https://medium.com/anton-on-security/using-cloud-securely-the-config-doom-question-36e7e9c018e2">“Using Cloud Securely — The Config Doom Question”</a></li> <li><a href="https://medium.com/anton-on-security/who-does-what-in-cloud-threat-detection-a7a4f44e7672">“Who Does What In Cloud Threat Detection?”</a></li> <li><a href="https://medium.com/anton-on-security/how-to-solve-the-mystery-of-cloud-defense-in-depth-84e1db3d6276">“How to Solve the Mystery of Cloud Defense in Depth?”</a></li> <li><a href="https://medium.com/anton-on-security/does-the-world-need-cloud-detection-and-response-cdr-ea184e6df9f3">“Does the World Need Cloud Detection and Response (CDR)?”</a></li> <li><a href="https://medium.com/anton-on-security/use-cloud-securely-what-does-this-even-mean-b723cf01f834">“Use Cloud Securely? 
What Does This Even Mean?!”</a></li> <li><a href="https://cloud.google.com/blog/products/identity-security/why-cisos-need-to-adapt-their-mental-models-of-security-for-cloud">“How CISOs need to adapt their mental models for cloud security”</a> [GCP blog]</li> <li><a href="https://medium.com/anton-on-security/cloud-migration-security-woes-14d7301b9e3b">“Cloud Migration Security Woes”</a></li> <li><a href="https://medium.com/anton-on-security/move-to-cloud-a-chance-to-finally-transform-security-e9614aae4f9c">“Move to Cloud: A Chance to Finally Transform Security?”</a></li> <li><a href="https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-multicloud-jungle-how-your-security-can-survive-thrive">“It’s a multicloud jungle out there. Here’s how your security can survive“</a></li> </ul><p>(if you only read one, choose <a href="https://medium.com/anton-on-security/use-cloud-securely-what-does-this-even-mean-b723cf01f834">this one</a>!)</p><p><strong>How Google Does Security (HGD):</strong></p><ul> <li><a href="https://cloud.google.com/transform/how-google-does-it-modernizing-threat-detection/">“How Google Does It: Making threat detection high-quality, scalable, and modern”</a> (Google Cloud blog)</li> <li><a href="https://cloud.google.com/transform/how-google-does-it-secure-our-own-cloud">“How Google Does It: How we secure our own cloud” </a>(Google Cloud blog)</li> <li><a href="https://cloud.google.com/transform/how-google-does-it-vulnerability-detection-remediation">“How Google Does It: Finding, tracking, and fixing vulnerabilities”</a> (Google Cloud blog)</li> <li><a 
href="https://cloud.google.com/transform/how-google-does-it-red-teaming-at-scale">“How Google Does It: Red teaming at scale”</a> (Google Cloud blog)</li> </ul><p>(if you only read one, choose <a href="https://cloud.google.com/transform/how-google-does-it-modernizing-threat-detection/">this one!</a> BTW, we also have a lot of fun <a href="https://cloud.withgoogle.com/cloudsecurity/podcast/topics/podcast-list/?tag=how-google-does-security">HGD podcasts</a>)</p><p><strong>CISO, culture, transformation, FMC, etc</strong></p><ul> <li><a href="https://medium.com/anton-on-security/new-office-of-the-ciso-paper-organizing-security-for-digital-transformation-fae78ce61c48">“New Office of the CISO Paper: Organizing Security for Digital Transformation”</a> (and <a href="https://services.google.com/fh/files/misc/organizing_security_digital_transformation.pdf">paper</a>)</li> <li><a href="https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-10-ways-to-make-cyber-physical-systems-more-resilient">“10 ways to make cyber-physical systems more resilient”</a> (and <a href="https://services.google.com/fh/files/misc/ociso_pcast_paper_2024.pdf">paper</a>)</li> </ul><p><strong>AI security:</strong></p><ul> <li><a href="https://medium.com/anton-on-security/our-security-of-ai-papers-and-blogs-explained-7e50afc0469b">”Our Security of AI Papers and Blogs Explained</a>” [this has a whole lot of AI security fun links that you <em>so </em>want to click!]</li> <li><a href="https://www.googlecloudcommunity.com/gc/Community-Blog/Securing-AI-Supply-Chain-Like-Software-Only-Not/ba-p/867409">“Securing AI Supply Chain: Like Software, Only Not”</a> (Google Cloud blog)</li> <li><a href="https://cloud.google.com/transform/spotlighting-shadow-ai-how-to-protect-against-risky-ai-practices">“Spotlighting ‘shadow AI’: How to protect against risky AI practices”</a> (Google Cloud blog)</li> <li><a 
href="https://www.googlecloudcommunity.com/gc/Community-Blog/Shadow-AI-Strikes-Back-Enterprise-AI-Absent-Oversight-in-the-Age/ba-p/891738">“Shadow AI Strikes Back: Enterprise AI Absent Oversight in the Age of Gen AI”</a></li> <li>“<a href="https://medium.com/anton-on-security/no-deep-ai-security-secrets-in-this-post-d9af9e38b7a0">No Deep AI Security Secrets In This Post!</a>”</li> <li>“<a href="https://medium.com/anton-on-security/new-paper-securing-ai-similar-or-different-91f3bdac1eff">New Paper: “Securing AI: Similar or Different?“</a></li> <li><a href="https://cloud.google.com/blog/transform/prompt-what-think-about-when-youre-thinking-about-securing-ai">“The Prompt: What to think about when you’re thinking about securing AI”</a> (Google Cloud blog)</li> <li><a href="https://cloud.google.com/transform/gen-ai-governance-10-tips-to-level-up-your-ai-program">“Gen AI governance: 10 tips to level up your AI program”</a> (Google Cloud blog)</li> <li><a href="https://www.googlecloudcommunity.com/gc/Community-Blog/AI-Adoption-Learning-from-the-Cloud-s-Early-Days/ba-p/880518">“AI Adoption: Learning from the Cloud’s Early Days”</a> (Google Community blog)</li> <li><a href="https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-google-secures-ai-agents/?e=48754805">“How Google secures AI Agents”</a> (Google Cloud blog)</li> <li><a href="https://www.googlecloudcommunity.com/gc/Community-Blog/Demystifying-AI-Security-New-Paper-on-Real-World-SAIF/ba-p/891736">“Demystifying AI Security: New Paper on Real-World SAIF Applications”</a></li> <li><a href="https://cloud.google.com/blog/transform/to-securely-build-ai-on-google-cloud-follow-these-best-practices-infographic/">“To securely build AI on Google Cloud, follow these best practices”</a> (Google Cloud blog)</li> <li><a href="https://cloud.google.com/transform/oops-5-serious-gen-AI-security-mistakes-to-avoid/">“Oops! 
5 serious gen AI security mistakes to avoid”</a> (Google Cloud blog)</li> <li><a href="https://cloud.google.com/transform/3-new-ways-ai-security-sidekick">“3 new ways to use AI as your security sidekick”</a> (Google Cloud blog)</li> </ul><p>(if you only read one, choose <a href="https://medium.com/anton-on-security/our-security-of-ai-papers-and-blogs-explained-7e50afc0469b">this one</a>!)</p><p><strong>NEW: fun presentations shared:</strong></p><ul> <li><a href="https://www.slideshare.net/slideshow/detection-engineering-maturity-helping-siems-find-their-adulting-skills/273410613">Detection Engineering Maturity — Helping SIEMs Find Their Adulting Skills</a> (2024)</li> <li><a href="https://www.slideshare.net/slideshow/future-of-soc-more-security-less-operations/267023230">Future of SOC: More Security, Less Operations</a> (2024)</li> <li><a href="https://www.slideshare.net/slideshow/soc-meets-cloud-what-breaks-what-changes-what-to-do/267023131">SOC Meets Cloud: What Breaks, What Changes, What to Do?</a> (2023)</li> <li><a href="https://www.slideshare.net/slideshow/meet-the-ghost-of-secops-future-by-anton-chuvakin/265076828">Meet the Ghost of SecOps Future</a> (2023)</li> <li><a href="https://www.slideshare.net/slideshow/sans-webinar-the-future-of-log-centralization-for-siems-and-dfir-is-the-end-nigh/260341650'">The Future of Log Centralization for SIEMs and DFIR — Is the End Nigh?</a> (2023)</li> <li><a href="https://www.slideshare.net/slideshow/20-years-of-siem-sans-webinar-2022/251485935">20 Years of SIEM (2022)</a></li> </ul><p>Enjoy!</p><p><strong>Previous posts in this series:</strong></p><ul> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q1-2025-d8906386503c">Anton’s Security Blog Quarterly Q1 2025</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q4-2024-076ea73bf84b">Anton’s Security Blog Quarterly Q4 2024</a></li> <li><a 
href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q3-2024-8075a17e1d98">Anton’s Security Blog Quarterly Q3 2024</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q2-2024-3cd15ddc5e6f">Anton’s Security Blog Quarterly Q2 2024</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q1-2024-lite-08ae41772609">Anton’s Security Blog Quarterly Q1 2024 Lite</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q3-2023-fcad66cbbca0">Anton’s Security Blog Quarterly Q3 2023</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q2-2023-571b1d4c0b92">Anton’s Security Blog Quarterly Q2 2023</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q1-2023-5c378b8ce5c9">Anton’s Security Blog Quarterly Q1 2023</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q4-2022-97494f05695a">Anton’s Security Blog Quarterly Q4 2022</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q3-2022-c834a1b7fc6d">Anton’s Security Blog Quarterly Q3 2022</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q2-2022-d245b406569d">Anton’s Security Blog Quarterly Q2 2022</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q1-2022-300a70f4bb8a">Anton’s Security Blog Quarterly Q1 2022</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q4-2021-6abe22d2e01f">Anton’s Security Blog Quarterly Q4 2021</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q3-2021-3259ff665b91">Anton’s Security Blog Quarterly Q3 2021</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q2-2021-be4f598f5fae">Anton’s Security Blog Quarterly Q2 2021</a></li> <li><a 
href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q1-2021-5572169ae801">Anton’s Security Blog Quarterly Q1 2021</a></li> <li><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q3-5-2020-5e0db0114aff">Anton’s Security Blog Quarterly Q3.5 2020</a></li> </ul><hr><p><a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q2-2025-9b97cc9cd3b3">Anton’s Security Blog Quarterly Q2 2025</a> was originally published in <a href="https://medium.com/anton-on-security">Anton on Security</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://medium.com/@anton.chuvakin?source=rss-11065c9e943e------2">Stories by Anton Chuvakin on Medium</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Anton Chuvakin">Anton Chuvakin</a>. Read the original post at: <a href="https://medium.com/anton-on-security/antons-security-blog-quarterly-q2-2025-9b97cc9cd3b3?source=rss-11065c9e943e------2">https://medium.com/anton-on-security/antons-security-blog-quarterly-q2-2025-9b97cc9cd3b3?source=rss-11065c9e943e------2</a> </p>

Black Hat SEO Poisoning Search Engine Results For AI to Distribute Malware

  • None
  • Published date: 2025-06-24 00:00:00

None

<h2>Introduction</h2>
<p>Zscaler ThreatLabz researchers recently uncovered AI-themed websites designed to spread malware. The threat actors behind these attacks are exploiting the popularity of AI tools like ChatGPT and Luma AI. These websites are utilizing platforms such as WordPress and are designed to poison search engine rankings and increase the probability of unsuspecting users landing on these webpages.</p>
<p>If users interact with one of these AI-themed websites, JavaScript is used to trigger a redirection chain that ultimately delivers malware including Vidar, Lumma, and Legion Loader. In this blog post, we will provide an in-depth analysis of these malware campaigns.</p>
<h2>Key Takeaways</h2>
<ul> <li>Threat actors are using Black Hat SEO to poison search engine rankings for AI keywords to spread malware.</li> <li>The search engine results lead to malicious websites that use multiple layers of redirection to hide the final malware payloads.</li> <li>The threat actors perform browser fingerprinting (e.g., version, window resolution, cookies, user agent) before redirecting potential victims to malware.</li> <li>These campaigns have distributed malware like Vidar, Lumma, and Legion Loader (which in turn has deployed cryptocurrency-stealing extensions).</li> <li>In the cases we observed, the malware payloads are often packaged in large installer files to bypass sandboxes.</li> </ul>
<h2>Technical Analysis</h2>
<h3>Overview</h3>
<p>The attack starts when a victim lands on one of these AI-themed websites. These websites are optimized to rank highly in Google search results for trending AI-related topics through Black Hat SEO techniques. 
For instance, if a user searches for a query like “Luma AI blog,” the malicious page often appears as one of the top results, as shown in the figure below.</p>
<p>Figure 1: Example Google search result for AI-based topics leading to malware.</p>
<p>Once the victim clicks on the search result, a webpage similar to the following will appear:</p>
<p>Figure 2: Example AI-themed website designed to lure victims into installing malware.</p>
<p>Once the victim visits the page, malicious JavaScript is triggered, collecting browser data, encrypting it with XOR, and sending it to the attacker-controlled domain gettrunkhomuto[.]info. The threat actor’s server decrypts the data, verifies the information, and responds with a 302 redirect to an intermediate site. The intermediate site provides JavaScript that checks the victim’s public IP to determine the final destination, often redirecting to another webpage hosting malware payloads like Vidar Stealer, Lumma Stealer, or Legion Loader.</p>
<p>On revisits, the redirection behavior may change, instead sending the victim to download adware or Potentially Unwanted Applications (PUA) as part of an alternative monetization scheme.</p>
<h3>Malicious JavaScript</h3>
<p>The deceptive blog pages are embedded with JavaScript that is triggered whenever the user clicks anywhere on the webpage. The JavaScript is hosted on AWS CloudFront, a trusted content delivery network (CDN). CloudFront is typically used by legitimate websites to serve web content like HTML, CSS, and JavaScript, but threat actors misuse it to make their activities appear legitimate and harder to detect. The JavaScript is designed to perform several key tasks, which are described in the following sections.</p>
<h4>AdBlocker detection</h4>
<p>Once triggered, the JavaScript runs alongside the webpage content. It checks for the presence of ad blockers or DNS guards in the user’s browser, as these tools could block the redirection process the threat actors depend on to deliver malware. 
The script identifies the following ad blockers:</p>
<table> <tr><th>Ad Blocker Name</th><th>Ad Blocker Name</th></tr> <tr><td>abpIndo</td><td>easyListChina</td></tr> <tr><td>abpvn</td><td>easyListCookie</td></tr> <tr><td>adBlockFinland</td><td>easyListCzechSlovak</td></tr> <tr><td>adBlockPersian</td><td>easyListDutch</td></tr> <tr><td>adBlockWarningRemoval</td><td>easyListGermany</td></tr> <tr><td>adGuardAnnoyances</td><td>easyListItaly</td></tr> <tr><td>adGuardBase</td><td>easyListLithuania</td></tr> <tr><td>adGuardChinese</td><td>webAnnoyancesUltralist</td></tr> <tr><td>adGuardFrench</td><td>fanboyAnnoyances</td></tr> <tr><td>adGuardGerman</td><td>fanboyAntiFacebook</td></tr> <tr><td>adGuardJapanese</td><td>fanboyEnhancedTrackers</td></tr> <tr><td>adGuardMobile</td><td>fanboySocial</td></tr> <tr><td>adGuardRussian</td><td>frellwitSwedish</td></tr> <tr><td>adGuardSocial</td><td>greekAdBlock</td></tr> <tr><td>adGuardSpanishPortuguese</td><td>icelandicAbp</td></tr> <tr><td>adGuardTrackingProtection</td><td>latvian</td></tr> <tr><td>adGuardTurkish</td><td>listKr</td></tr> <tr><td>iDontCareAboutCookies</td><td>listeAr</td></tr> <tr><td>easyList</td><td>listeFr</td></tr> <tr><td>ruAd</td><td>thaiAds</td></tr> </table>
<p>Table 1: List of ad blocker names checked by the JavaScript.</p>
<p>If any of the ad blocker names are found, then the JavaScript will not redirect users to the malware download page.</p>
<h4>Configuration decoding</h4>
<p>The JavaScript retrieved from AWS CloudFront stores important configuration details, such as domain information for redirecting users, in Base64-encoded strings (with a custom character set). This encoding method obscures the malicious domains and helps the threat actors evade detection. Once decoded, these parameters enable the redirection process that eventually leads users to a malware delivery site.</p>
<h4>Collected data encryption</h4>
<p>After the JavaScript collects information from the victim’s browser, it sends the information to the threat actor’s server as a GET request, embedded in the URL. The server uses the data to generate a redirection link that leads the victim to the malware download page. To protect the data being sent, the threat actors encrypt it using a randomly generated XOR key. This key is Base64-encoded (using the standard character set) along with the encrypted data; the first five bytes of the Base64-decoded string represent the XOR key. This process ensures the data appears obfuscated, making detection and monitoring more difficult. 
The table below outlines the information sent to the redirection server:</p>
<table> <tr><th>Tag</th><th>Description</th></tr> <tr><td>&amp;v=</td><td>Browser version</td></tr> <tr><td>&amp;rxy=</td><td>Window resolution</td></tr> <tr><td>&amp;u=</td><td>Unique ID taken from cookie name</td></tr> <tr><td>&amp;agec=</td><td>Epoch time when user clicked on site</td></tr> <tr><td>&amp;ref=</td><td>Visited site</td></tr> <tr><td>&amp;lcua=</td><td>Victim user agent</td></tr> <tr><td>&amp;_CR5c=</td><td>Epoch expiration time</td></tr> <tr><td>&amp;utr1…7</td><td>Duration from the initial page load to the subsequent redirection</td></tr> </table>
<p>Table 2: List of information sent to the redirecting server.</p>
<p>The process for encrypting the URL GET request involves the following steps:</p>
<p><strong>Step 1: Add a validation parameter</strong></p>
<p>The script checks if the query string in the GET request contains the parameter valid=1. If the parameter is absent, the JavaScript appends valid=1 to the end of the query string to mark the request as valid for processing.</p>
<p><strong>Step 2: XOR encryption of query string</strong></p>
<p>The query string is encrypted using a randomly generated 5-byte XOR key. Each character in the query string is XOR’ed with its corresponding key character.</p>
<p><strong>Step 3: Combine XOR key and result</strong></p>
<p>The final result is created by combining the XOR key with the XOR-encrypted query string. 
It is then Base64-encoded (again with standard Base64 encoding) to generate the output URL.</p>
<p>Example input:</p>
<pre><code>var d = "VsWg8"; // Randomly generated XOR key
var b = "https://getrunkhomuto[.]info"; // Base URL
var c = "?cs=N0hvY2wEcFlWWQ54XlNZBnxcUlk&amp;abt=0&amp;red=1&amp;sm=16&amp;k=home&amp;v=1.34.36.4&amp;sts=2&amp;prn=0&amp;emb=0&amp;tid=1072626&amp;rxy=1920_1080&amp;inc=8&amp;u=2199064996573029&amp;agec=1742719364&amp;fs=1&amp;mbkb=75.642965204236&amp;ref=https%3A%2F%2Fchat-gpt-5.ai%2F&amp;jst=0&amp;enr=0&amp;lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F131.0.0.0%20safari%2F537.36&amp;tzd=-7&amp;uloc=&amp;if=0&amp;ct=3&amp;ctc=0&amp;_CR5c=1742721475304&amp;utr1=00:03:198&amp;utr2=38&amp;utr3=0&amp;utr4=0&amp;utr5=0&amp;utr6=0&amp;utr7=0"; // Query string</code></pre>
<p>Example output:</p>
<pre><code>https://getrunkhomuto[.]info/VnNXZzhpECRadmYbIT4KITY0IVQBJAZSDA4fGT16OAs0MlQ9VTYFTGtDcRVdMk5mQUs7TmZRHj1OPwhVM1UhWgl4QGNJC2BdY0FLIgBqVR4mATlaCHAWOgUFZlUjDlxrQmdQCmBBYUFKLgpqVgFkQwhWCG5DcQ5WNU5vQU1rQWZeAWZFY14BYEZgVAhkSnEGXzMQalYPYkFgVgFlRWNBXiVOZkFVNBg1Wg9jXWFTCm9FYlUIYkFkUR4kFjFaUCIHJxQdZTJyVX5zQREEUDcHegBIIl5iSVk%2FVmUhHjwAI1oIcBY5FQVmVTsETTdOOghCPx87Bh1kNWJJCHNBZ09PPx0zCE8lVmVXViJWZVcJZl1nQgsUVmVXTz8dYVMdZTFyVQguRWNOHWRDNhdIOhYgAlo9GiNCChBGZFAWZUVyVQh%2BGD8TVTpWZSQdZEM7DlMzVmVXXzMQPAgRc0FnBFAkHDoCHWQ1ZlQJeEN5VxZmVmVXSzcVNhVRc0ERUgthXWRRHiIJM1oVYVUiC1c1TnEOXmtDcQRMa0BxBEw1TmdBZxUhYgQFZ0RjVQ9kQmNQDWVDY0FNIgFmWghmSWdUAmdKb0FNIgFlWgtuVSITSmVOZ0FNIgFjWghwBiMVDWtDcRJMJEVqVx4jByVQBWZVIQZUPxdqVg%3D%3D</code></pre>
<p>Notably, getrunkhomuto[.]info, which serves as the base URL of the GET request, has been linked to multiple deceptive sites. ThreatLabz has observed over 4.4 million hits associated with this domain since January 2025. The domain gettrunkhomuto[.]info is a vital component in the redirection chain. 
It validates and processes encrypted requests, coordinates redirections, and filters targets based on collected data.</p>
<h3>Malware observed</h3>
<p>The techniques used in this campaign have the potential to distribute various types of malware. During our analysis, we identified the following malware attack chains.</p>
<h4>Vidar and Lumma Stealer</h4>
<p>The final download pages in this campaign deliver Vidar Stealer and Lumma Stealer as password-protected ZIP archives, with the password provided on the final downloading page. Once extracted, they contain an 800MB NSIS installer, a deceptively large size intended to appear legitimate and bypass detection systems with file size limitations.</p>
<p>The attack chains for both Lumma and Vidar Stealer share a similar structure. The NSIS installer includes files with a .docm extension embedded in different folders. While the extension suggests that the files are Microsoft Word macro-enabled documents, they are in fact components of the malware payload. Upon execution of the NSIS installer, these files are combined in the proper sequence to generate an AutoIT loader executable and an obfuscated AutoIT script, which act as the delivery mechanism for the malware payload (e.g., Lumma or Vidar Stealer).</p>
<p>To evade detection, the threat actors implement antivirus checks within the NSIS script using Windows utilities like tasklist and findstr. These tools are employed to detect and terminate specific antivirus processes running on the victim’s system to avoid interruption. The targeted antivirus software includes:</p>
<ul> <li>Quick Heal (opssvc)</li> <li>Webroot (wrsa)</li> <li>Sophos (SophosHealth)</li> <li>BitDefender (bdservicehost)</li> <li>Avast (AvastUI)</li> <li>AVG (AVGUI)</li> <li>Norton Security (nsWscSvc)</li> <li>ESET (ekrn)</li> </ul>
<p>Figure 3: The attack chain illustrating the distribution process of Lumma and Vidar Stealer. 
</p>
<h4>Legion Loader</h4>
<p>The malware delivery process for Legion Loader begins by directing users to download a ZIP archive which contains another password-protected ZIP archive, along with an image file displaying the password needed to unlock it. Once unpacked, the final ZIP archive contains an MSI file that serves as the Legion Loader payload.</p>
<p>The figure below shows the attack chain for Legion Loader:</p>
<p>Figure 4: An attack chain for Legion Loader as observed in this campaign.</p>
<p>Upon execution, the MSI file installs itself in the AppData directory and deploys various decoy software programs such as Tao Raiqsuv Utils, Frankwo Utilities, Heizer Kroop Sortic, or Kraew Loop Sols. During installation, the MSI file performs several custom actions, including launching a genuine installer executable as a decoy to conceal its operations. In the steps below, we explain the custom actions executed during the installation of the MSI file.</p>
<h5>Data collection and communication (DataUploader.dll)</h5>
<p>During the installation of the MSI file, DataUploader.dll is executed using a custom action to perform several key operations critical in the attack chain:</p>
<p><strong>Collects and transmits information to C2 server:</strong> In this version of Legion Loader, the DataUploader DLL includes a single export function named SendCollectedData. This function collects key information, such as the date and Product ID, and transmits it to the C2 server via an HTTP POST request.</p>
<p><strong>Processes the server response (status code):</strong> Upon receiving a C2 server response with the HTTP status code 200 (OK), the system uses the MsiSetPropertyW function to update the MSI file’s status. This update confirms that the data transmission and processing were successful and the attack proceeds to the next stage.</p>
<p><strong>Retrieves encrypted RAR file password:</strong> To facilitate the next phase of the attack, the system retrieves a password from the server. This password is then saved for later use via MsiSetPropertyW. 
Unlike earlier versions that relied on hardcoded passwords within the MSI file, this dynamic password may complicate static detections.</p>
<h5>Payload extraction and execution (BAT file execution)</h5>
<p>In the second stage of the attack, a BAT file is executed as part of a custom action defined in the MSI file. This step extracts malicious payloads and initiates their execution through DLL sideloading and process hollowing.</p>
<p><strong>Extracts files via 7zip:</strong> The BAT file invokes 7zip (7z.exe), passing the password that was previously obtained from the C2 server to decompress an archive file.</p>
<p><strong>Extracted file contents:</strong> The extracted archive contains a malicious DLL file, accompanied by legitimate DLLs or executable files that create an appearance of legitimacy to avoid detection.</p>
<p><strong>Executes legitimate software to sideload malicious DLL:</strong> To stage the attack, the BAT file executes a genuine, trusted executable, which is used to sideload the malicious DLL file. This technique ensures that the malicious DLL is loaded into the memory of a legitimate process to reduce suspicion.</p>
<p><strong>DLL injection via process hollowing:</strong> After being loaded into a legitimate process, the malicious DLL injects itself into a newly created instance of explorer.exe using process hollowing. During this process, the legitimate code in explorer.exe is replaced with malicious code.</p>
<p><strong>Shellcode execution and payload delivery:</strong> Once the code injection is complete, the embedded shellcode is executed within the hollowed-out explorer.exe process. In the campaign observed by ThreatLabz, the shellcode executed a browser extension designed to steal cryptocurrency.</p>
<h2>Conclusion</h2>
<p>The analysis presented in this blog reveals the use of Black Hat SEO to poison search engine results for AI-related keywords to deliver malware like Vidar Stealer, Lumma, and Legion Loader. Many of these websites are ranked high in search engines, which increases potential victim exposure. 
Users must be vigilant when performing searches for AI tools, since their popularity is increasingly being exploited for fraud and to spread malware.</p>
<h2>Zscaler Coverage</h2>
<p>Zscaler’s multilayered cloud security platform detects indicators related to Lumma, Vidar, and Legion Loader at various levels. The figure below depicts the Zscaler Cloud Sandbox, showing detection details for Lumma and Legion Loader.</p>
<p>Figure 5: Zscaler Cloud Sandbox coverage report for Lumma Stealer.</p>
<p>Figure 6: Zscaler Cloud Sandbox report for Vidar Stealer.</p>
<p>Figure 7: Zscaler Cloud Sandbox report for Legion Loader.</p>
<p>In addition to sandbox detections, Zscaler’s multilayered cloud security platform detects indicators related to this campaign at various levels with the following threat names:</p>
<ul> <li>JS.Redirector.Downloader</li> <li>Win32.PWS.Lumma</li> <li>Win32.PWS.Vidar</li> <li>Win32.Dropper.LegionLoader</li> <li>BAT.Malicious.LegionLoader</li> <li>Win32.Malicious.LegionLoaderDll</li> </ul>
<h2>Indicators Of Compromise (IOCs)</h2>
<table> <tr><th>Indicator</th><th>Description</th></tr> <tr><td>chat-gpt-5[.]ai</td><td>Malicious blog site related to AI</td></tr> <tr><td>luma-ai[.]com</td><td>Malicious blog site related to AI</td></tr> <tr><td>krea-ai[.]com</td><td>Malicious blog site related to AI</td></tr> <tr><td>llama-2[.]com</td><td>Malicious blog site related to AI</td></tr> <tr><td>C957ADB29755E586EE022244369C375D</td><td>Legion Loader password-protected ZIP</td></tr> <tr><td>14642E8FFD81298F649E28DC046D84BB</td><td>Legion Loader MSI file</td></tr> <tr><td>FFDAACB43C074A8CB9A608C612D7540B</td><td>Legion Loader DataUploader.dll</td></tr> <tr><td>3583E0CC8F78FD1E65F307D2D8471AD2</td><td>Legion Loader batch file</td></tr> <tr><td>https[:]//guildish[.]com/diagnostics.php</td><td>Legion Loader command-and-control (C2) URL</td></tr> <tr><td>C53eaf734ecc1d81c241ea2ab030a87e</td><td>Lumma NSIS Installer file</td></tr> <tr><td>metalsyo[.]digital</td><td>Lumma command-and-control (C2)</td></tr> <tr><td>ironloxp[.]live</td><td>Lumma command-and-control (C2)</td></tr> <tr><td>navstarx[.]shop</td><td>Lumma command-and-control (C2)</td></tr> <tr><td>starcloc[.]bet</td><td>Lumma command-and-control (C2)</td></tr> <tr><td>advennture[.]top</td><td>Lumma command-and-control (C2)</td></tr> <tr><td>targett[.]top</td><td>Lumma command-and-control (C2)</td></tr> <tr><td>spacedbv[.]world</td><td>Lumma command-and-control (C2)</td></tr> <tr><td>Galxnetb[.]today</td><td>Lumma command-and-control (C2)</td></tr> <tr><td>758625d112c04c094f96afc40eafa894</td><td>Vidar NSIS Installer file</td></tr> <tr><td>y.p.formaxprime.co[.]uk</td><td>Vidar command-and-control (C2)</td></tr> <tr><td>e.p.formaxprime.co[.]uk</td><td>Vidar command-and-control (C2)</td></tr> <tr><td>h.p.formaxprime.co[.]uk</td><td>Vidar command-and-control (C2)</td></tr> <tr><td>p.p.formaxprime.co[.]uk</td><td>Vidar command-and-control (C2)</td></tr> <tr><td>d.p.formaxprime.co[.]uk</td><td>Vidar command-and-control (C2)</td></tr> <tr><td>s.p.formaxprime.co[.]uk</td><td>Vidar command-and-control (C2)</td></tr> <tr><td>r.p.formaxprime.co[.]uk</td><td>Vidar command-and-control (C2)</td></tr> <tr><td>t.p.formaxprime.co[.]uk</td><td>Vidar command-and-control (C2)</td></tr> <tr><td>e.x.formaxprime.co[.]uk</td><td>Vidar command-and-control (C2)</td></tr> <tr><td>steamcommunity[.]com/profiles/76561199832267488</td><td>Vidar command-and-control (C2)</td></tr> </table>
<h2>MITRE ATT&amp;CK Techniques</h2>
<table> <tr><th>Tactic</th><th>Technique ID</th><th>Technique Name</th><th>Description</th></tr> <tr><td>Initial Access</td><td>T1189</td><td>Drive-by Compromise</td><td>Malicious JavaScript embedded in fake AI blogs that executes code on the target’s system.</td></tr> <tr><td>Execution</td><td>T1059.003</td><td>Command and Scripting Interpreter: Windows Command Shell</td><td>The NSIS installer contains a batch script that deletes the malware if security products are detected.</td></tr> <tr><td></td><td>T1059.001</td><td>Command and Scripting Interpreter: PowerShell</td><td>PowerShell script used in the execution flow of the malware.</td></tr> <tr><td>Discovery</td><td>T1217</td><td>Browser Information Discovery</td><td>Information collection</td></tr> <tr><td></td><td>T1083</td><td>File and Directory Discovery</td><td>Information collection</td></tr> <tr><td></td><td>T1057</td><td>Process Discovery</td><td>Batch script to discover the process and start AutoIT.</td></tr> <tr><td></td><td>T1059.010</td><td>Command and Scripting Interpreter: AutoHotKey &amp; AutoIT</td><td>AutoIT executes the script.</td></tr> <tr><td>Defense Evasion</td><td>T1574.002</td><td>Hijack Execution Flow: DLL Side-Loading</td><td>DLL sideloading observed in the malware execution flow.</td></tr> <tr><td></td><td>T1055</td><td>Process Injection</td><td>Process injection to evade detection.</td></tr> <tr><td>Persistence</td><td>T1176</td><td>Browser Extensions</td><td>Abuses browser extension for persistence.</td></tr> <tr><td>Exfiltration</td><td>T1041</td><td>Exfiltration Over C2 Channel</td><td>Exfiltrate information collected from infected systems.</td></tr> </table>
<p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.zscaler.com/blogs/feeds/security-research">Security Research | Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Security Research | Blog">Security Research | Blog</a>. Read the original post at: <a href="https://www.zscaler.com/blogs/security-research/black-hat-seo-poisoning-search-engine-results-ai-distribute-malware">https://www.zscaler.com/blogs/security-research/black-hat-seo-poisoning-search-engine-results-ai-distribute-malware</a> </p>
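<p>The "Collected data encryption" steps in the post above (5-byte XOR key prepended to the XOR-encrypted query string, then standard Base64) can be reversed when reviewing proxy logs. The following is an added example, not code from the campaign or from ThreatLabz; the function names, the tag-count threshold, the <code>.example</code> hosts and the sample values are assumptions made for illustration.</p>

```python
"""Triage helper for the XOR + Base64 redirect token described above.

Added example (not code from the campaign or from ThreatLabz). Assumptions:
the token is the URL path, percent-escaped in logs, and the plaintext is ASCII.
"""
import base64
import binascii
from urllib.parse import parse_qs, quote, unquote, urlsplit

KEY_LEN = 5  # article: the first five decoded bytes are the XOR key
# Query-string tags listed in Table 2 of the article.
KNOWN_TAGS = ("v", "rxy", "u", "agec", "ref", "lcua", "_CR5c")
MIN_TAG_HITS = 3  # assumption: threshold chosen for this example


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decode_token(token: str):
    """Return (key, plaintext) or None when the token does not fit the scheme."""
    raw = unquote(token)              # undo %2F, %2B, %3D escapes from the log
    raw += "=" * (-len(raw) % 4)      # tolerate stripped Base64 padding
    try:
        blob = base64.b64decode(raw, validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(blob) <= KEY_LEN:
        return None
    key, body = blob[:KEY_LEN], blob[KEY_LEN:]
    plain = xor_bytes(body, key)
    # A real query string is printable ASCII; anything else is a false match.
    if any(b < 0x20 or b > 0x7E for b in plain):
        return None
    return key, plain.decode("ascii")


def triage_url(url: str):
    """Decode one logged URL; return a finding dict, or None if it looks benign."""
    path = urlsplit(url).path.lstrip("/")
    decoded = decode_token(path)
    if decoded is None:
        return None
    key, text = decoded
    if not text.startswith("?"):
        return None
    params = parse_qs(text[1:], keep_blank_values=True)
    hits = [tag for tag in KNOWN_TAGS if tag in params]
    if len(hits) < MIN_TAG_HITS:
        return None
    return {
        "xor_key": key,
        "matched_tags": hits,
        "valid_flag": params.get("valid") == ["1"],  # Step 1 of the article
        "referrer": params.get("ref", [""])[0],       # lure site the victim was on
        "user_agent": params.get("lcua", [""])[0],
    }


def build_fixture_url(query: str, key: bytes, host: str = "redirector.example") -> str:
    """Build a CONSTRUCTED test URL in the article's format (key + XOR body, Base64)."""
    blob = key + xor_bytes(query.encode("ascii"), key)
    return f"https://{host}/" + quote(base64.b64encode(blob).decode("ascii"), safe="")


# Constructed sample values, not observed traffic.
SAMPLE_QUERY = ("?v=1.0.0.0&rxy=1920_1080&u=0000000000000000&agec=1700000000"
                "&ref=https%3A%2F%2Fblog.example%2F&lcua=example-agent&valid=1")
SAMPLE_LOG = [
    build_fixture_url(SAMPLE_QUERY, b"Qz7Lm"),
    "https://cdn.example/assets/app.min.js",         # ordinary static asset
    "https://api.example/aGVsbG8gd29ybGQhIQ%3D%3D",  # Base64, but not this scheme
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        finding = triage_url(line)
        print("HIT " if finding else "skip", line[:60], finding or "")
```

<p>Defanged indicators such as <code>[.]</code> must be refanged before a logged URL is passed to <code>triage_url</code>, because <code>urlsplit</code> rejects bracketed host names.</p>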

Why Every File Demands Sanitization

  • None
  • Published date: 2025-06-24 00:00:00

None

<div class="wp-block-ssm-section-wrapper" style="padding-top:var(--wp--preset--spacing--52);padding-bottom:var(--wp--preset--spacing--52)"><span aria-hidden="true" class="wp-block-ssm-section-wrapper__background has-light-gray-background-color"></span> <div class="wp-block-ssm-section-wrapper__content"> <div class="wp-block-columns are-vertically-aligned-top is-layout-flex wp-container-core-columns-is-layout-1 wp-block-columns-is-layout-flex"> <div class="wp-block-column is-vertically-aligned-top is-layout-flow wp-block-column-is-layout-flow" style="flex-basis:54%"> <h1 style="font-style:normal;font-weight:700;line-height:1.2; margin-top:var(--wp--preset--spacing--20);" class="wp-block-post-title">Why Every File Demands Sanitization</h1> <hr class="wp-block-separator has-alpha-channel-opacity has-dark-blue-gradient-background has-background is-style-with-opacity" style="margin-top:var(--wp--preset--spacing--16)"> <div style="font-style:normal;font-weight:700; margin-top:var(--wp--preset--spacing--10);" class="wp-block-post-date"><time datetime="2025-06-24T12:34:42-06:00">June 24, 2025</time></div> </div> <div class="wp-block-column is-vertically-aligned-top is-layout-flow wp-block-column-is-layout-flow" style="flex-basis:46%"> <figure class="is-style-box-shadow wp-block-post-featured-image"><img fetchpriority="high" decoding="async" width="800" height="800" src="https://votiro.com/wp-content/uploads/2025/06/Blog_ZTFileSanitization_Square.png" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="A magnifying glass inspects ones and zeros on a screen and locates MALWARE" style="border-radius:10px;object-fit:cover;" srcset="https://votiro.com/wp-content/uploads/2025/06/Blog_ZTFileSanitization_Square.png 800w, https://votiro.com/wp-content/uploads/2025/06/Blog_ZTFileSanitization_Square-300x300.png 300w, https://votiro.com/wp-content/uploads/2025/06/Blog_ZTFileSanitization_Square-150x150.png 150w, 
https://votiro.com/wp-content/uploads/2025/06/Blog_ZTFileSanitization_Square-768x768.png 768w" sizes="(max-width: 800px) 100vw, 800px"></figure> </div> </div> </div> </div><div class="wp-block-ssm-section-wrapper animate-bg-color theme-light" style="padding-top:var(--wp--preset--spacing--20);padding-bottom:var(--wp--preset--spacing--40)"><span aria-hidden="true" class="wp-block-ssm-section-wrapper__background" style="--top-gradient-color:var(--white);--bottom-gradient-color:var(--brand-green)" data-bg-color="has-brand-green-background-color"></span> <div class="wp-block-ssm-section-wrapper__content"> <p>Zero Trust has been called a buzzword, a trend, and even a marketing ploy. But here’s the thing: security frameworks don’t gain that kind of traction unless they work. Everyone’s still talking about Zero Trust because it solves a very real problem — blind spots created by assumptions.</p> <p>One of the biggest? Assuming that known senders, internal employees, or long-time vendors always send safe files. They don’t. Not intentionally, of course, but that doesn’t matter to the malware tucked quietly inside a spreadsheet or the outdated template carrying an embedded exploit. When we assume a file is safe because of who sent it, we skip the part where we actually check if it’s safe. We’ve done it. You’ve done it. And odds are one of you will do it later today.</p> <p>And that’s exactly the kind of assumption attackers rely on. They don’t need to breach your perimeter if they can hitch a ride on something you already trust. In a world where threats evolve faster than detection tools can keep up, trust becomes a liability. 
Every file should be treated like a potential risk, because you start inviting trouble the second you stop inspecting.</p> <h3 class="wp-block-heading has-h-2-font-size">Not All Threats Come from Strangers</h3> <p>It’s easy to focus on the obvious threats, the phishing email from an unknown domain, and the suspicious link from an unverified sender. But in today’s threat landscape, the more dangerous risks often come dressed as routine. Files that pass between coworkers, vendors, and customers can carry just as much risk as those from external sources. The trouble is, we rarely treat them that way. And that’s where problems begin.</p> <h3 class="wp-block-heading">Friendly Fire is Still Fire</h3> <p><strong>Employee: </strong>Familiarity often lulls teams into skipping the very checks that could prevent disaster. An employee sharing a document over Slack, a vendor uploading a quarterly report, and a customer attaching a PDF to your web upload portal are everyday interactions. But behind the scenes, they’re also common delivery mechanisms for hidden threats.</p> <p><strong>Third-party:</strong> Vendors and supply chain partners are another weak link—often making headlines when a lapse in their security affects the clients they work with, and the customers that work with them. 
Many rely on the same templates, week after week and quarter after quarter, some of which may have been compromised months ago and quietly repurposed by attackers.</p> <p><strong>Customer: </strong>Even customers pose a risk. A file created on an infected device doesn’t announce itself. It just arrives seemingly clean but laced with trouble. And once it’s inside your environment, the damage is done. Trust doesn’t change that reality. If anything, it gives malware a clearer path. When you assume good intent, you stop asking the right questions. And that’s when risk slips through unnoticed.</p> <h3 class="wp-block-heading">Trusted Senders Bypass Traditional Defenses</h3> <p><strong>Antivirus: </strong>Most security tools are built to catch the obvious threats, but modern threats don’t always wave a red flag. Zero-day exploits and fileless malware aren’t recognizable by signature-based tools like antivirus software. They’re engineered to slide past detection quietly, often hiding in perfectly ordinary files.</p> <p><strong>Sandbox:</strong> Sandboxes are supposed to be the next line of defense, but they’re far from foolproof. Many threats are designed to lie dormant, only activating under specific conditions that a sandbox can’t replicate. A file might appear clean in a controlled environment and be released, only to detonate once in a real user’s hands.</p> <p><strong>Email:</strong> Files from “trusted” sources often bypass inspection entirely. Organizations routinely create email allowlists and security exceptions for employees, partners, and known domains. The logic is simple: these people aren’t threats. But that logic is flawed. 
An account can be compromised at any moment, and an infected device or a reused file can introduce risk regardless of who hit send for the first time… or at some point in the past.</p> <h2 class="wp-block-heading">Get Tech That Treats Every File Like a Weapon</h2> <p>The only way to stay ahead of hidden threats is to treat every file as if it could be malicious, because it could be. Which brings us back to an insistence on Zero Trust principles. This mindset is at the core of what comes next: a solution built not on assumptions but on verification.</p> <h3 class="wp-block-heading">No Assumptions</h3> <p>Votiro cleanses every file, every time. It doesn’t matter who sent it. It doesn’t matter if it came from a trusted domain, an internal colleague, or a long-time partner. Every file is treated with the same level of scrutiny because risk doesn’t discriminate based on relationships.</p> <p>At the core of Votiro’s approach is our <a href="https://votiro.com/guides/what-is-content-disarm-and-reconstruction-cdr/" rel="noreferrer noopener">Content Disarm and Reconstruction (CDR)</a> technology. Instead of trying to detect known malware based on signatures or behavior, our advanced CDR takes a more proactive path. We break the file down, remove potentially harmful elements like macros, embedded scripts, and shellcode, and rebuild a clean version in real time—with those essential elements back in place, now rendered safe. The result is a file that functions exactly as it should, minus the threats that traditional tools often miss.</p> <p>In parallel, our <a href="https://votiro.com/active-data-masking/" rel="noreferrer noopener">Active Data Masking</a> adds a second layer of protection by identifying and masking sensitive information before it reaches the wrong hands. 
Whether it’s PII in a customer upload or confidential data in an internal document, we ensure privacy without delay or disruption.</p> <p>By combining real-time threat removal with intelligent data protection, Votiro eliminates the need for assumptions and the risk that those assumptions are wrong.</p> <h3 class="wp-block-heading">No Disruption, Just Protection</h3> <p>File security is good. File security that doesn’t interfere with business flow is great. That’s where most solutions fall short. They create friction. Files get quarantined. Alerts fire off false positives. Documents arrive stripped of key features like macros or password protection. In trying to protect users, traditional tools end up slowing them down.</p> <p>Votiro takes a different approach. We neutralize risk without breaking the workflow. No quarantining. No delays. No guesswork. Whether it’s a ZIP archive, a macro-enabled spreadsheet, or a password-protected report, Votiro ensures that nothing is lost in the sanitization process… except the threat.</p> <p>And it all happens silently. Votiro runs in the background, invisible to the end user. There’s no disruption to how people work, no new tools to learn, and no detours around the file exchange process. Just clean, safe content delivered the moment it’s needed. Security doesn’t get in the way. It just works. And the cherry on top is the in-depth analytics that security teams can use to better understand their risk surface and improve their security posture.</p> <p><strong>The result?</strong> An airtight file security solution that doesn’t rely on assumptions, manual reviews, or false hope. It simply works quietly, quickly, and without compromise. </p> <p>Try Votiro and treat every file like it demands sanitization, because it does. 
<a href="https://votiro.com/book-a-demo/" rel="noreferrer noopener">Book a demo today.</a></p> </div> </div><p>The post <a href="https://votiro.com/blog/why-every-file-demands-sanitization/">Why Every File Demands Sanitization</a> appeared first on <a href="https://votiro.com/">Votiro</a>.</p><div class="spu-placeholder" style="display:none"></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://votiro.com/">Votiro</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Votiro">Votiro</a>. Read the original post at: <a href="https://votiro.com/blog/why-every-file-demands-sanitization/">https://votiro.com/blog/why-every-file-demands-sanitization/</a> </p>

LinuxFest Northwest: Maximizing AI Potential Optimization Techniques for Smarter Faster Systems

  • Published date: 2025-06-24 00:00:00


<p></p><center data-preserve-html-node="true">Author/Presenter: Dmitry Shmulevich (Software Engineer, NVIDIA) <p></p><center data-preserve-html-node="true"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" src="https://www.youtube-nocookie.com/embed/qamj2wjz1S8?si=c3tWvLQuoI3-rItQ" width="560" frameborder="0" data-preserve-html-node="true" title="YouTube video player" height="315"></iframe> <p>Our sincere appreciation to <strong><a href="https://www.linuxfestnorthwest.org/">LinuxFest Northwest</a></strong> (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb <strong><a href="https://www.youtube.com/playlist?list=PLjDc7gDlIASRAcG0cxWYOnNGwFnykUMNZ">LinuxFest Northwest 2025</a></strong> video content. Originating from the conference’s events located at the <strong><a href="https://www.btc.edu/">Bellingham Technical College in Bellingham, Washington</a></strong>; and via the organization’s <strong><a href="https://www.youtube.com/@LinuxFestNorthwest">YouTube</a></strong> channel. 
</p> <p>Thanks and a Tip O’ The Hat to <strong><a href="https://www.verificationlabs.com/trey.html">Verification Labs</a></strong> :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, 
CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the <strong><a href="https://www.linuxfestnorthwest.org/">LinuxFest Northwest</a></strong> conference.</p> <p></p></center></center><p><a href="https://www.infosecurity.us/blog/2025/6/24/linuxfest-northwest-maximizing-ai-potential-optimization-techniques-for-smarter-faster-systems">Permalink</a></p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/qamj2wjz1S8?si=c3tWvLQuoI3-rItQ">https://www.youtube-nocookie.com/embed/qamj2wjz1S8?si=c3tWvLQuoI3-rItQ</a> </p>

Application and API Security Can’t Rely Solely on Perimeter Defenses or Scanners | Notes on Gartner AppSec Research | Contrast Security

  • Published date: 2025-06-24 00:00:00


<div class="hs-featured-image-wrapper"> <a href="https://www.contrastsecurity.com/security-influencers/perimeter-defenses-arent-enough-why-in-app-security-and-adr-are-the-future" title="" class="hs-featured-image-link"> <img decoding="async" src="https://www.contrastsecurity.com/hubfs/Gartner.png" alt="Perimeter defenses and traditional scanning aren't enough. Real-time protection and response are crucial." class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div><p>Contrast Security launched Application Detection and Response (ADR) in August of 2024, and now, in a new Gartner research note, ADR is a topic. The <a href="https://www.gartner.com/document-reader/document/6345979"><span>2025 Gartner® Implement Effective Application and API Security Controls</span></a> (accessible to Gartner clients only)*, by William Dupre, discusses today’s complex problem: </p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.contrastsecurity.com/security-influencers">AppSec Observer</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Contrast">Contrast</a>. 
Read the original post at: <a href="https://www.contrastsecurity.com/security-influencers/perimeter-defenses-arent-enough-why-in-app-security-and-adr-are-the-future">https://www.contrastsecurity.com/security-influencers/perimeter-defenses-arent-enough-why-in-app-security-and-adr-are-the-future</a> </p>

NSFOCUS was Selected as a Representative Provider of Gartner® “Innovation Insight: Adversarial Exposure Validation in China”

  • Published date: 2025-06-24 00:00:00


<p>SANTA CLARA, Calif., June 24, 2025 – Recently, Gartner released the 2025 “Innovation Insight: Adversarial Exposure Validation in China”¹, and NSFOCUS was selected as a Representative Provider for its adversarial exposure validation (AEV) capability in the <a href="https://nsfocusglobal.com/products/continuous-threat-exposure-management/">continuous threat exposure management</a> (CTEM) service.</p><h2>Why has ASM become a pain point for enterprises?</h2><div class="wp-block-image"> <figure class="aligncenter size-large is-resized"><a href="https://nsfocusglobal.com/wp-content/uploads/2023/09/ctemsteps.png"><img fetchpriority="high" decoding="async" src="https://nsfocusglobal.com/wp-content/uploads/2023/09/ctemsteps-1024x941.png" alt="" class="wp-image-26196" width="512" height="471" srcset="https://nsfocusglobal.com/wp-content/uploads/2023/09/ctemsteps-1024x941.png 1024w, https://nsfocusglobal.com/wp-content/uploads/2023/09/ctemsteps-300x276.png 300w, https://nsfocusglobal.com/wp-content/uploads/2023/09/ctemsteps-768x706.png 768w, https://nsfocusglobal.com/wp-content/uploads/2023/09/ctemsteps-196x180.png 196w, https://nsfocusglobal.com/wp-content/uploads/2023/09/ctemsteps-150x138.png 150w, https://nsfocusglobal.com/wp-content/uploads/2023/09/ctemsteps.png 1072w" sizes="(max-width: 512px) 100vw, 512px"></a></figure> </div><p><strong>Asset data is scattered and lacks a unified </strong><strong>asset account</strong></p><p>Enterprise assets are scattered in various systems, and their comprehensiveness, accuracy and real-time performance are difficult to guarantee. 
The security department needs to sort out a unified network asset management account.</p><p><strong>Lack of external attack surface management</strong><strong> (EASM)</strong></p><p>The Internet exposure has increased, the 
asset types are numerous and wide-ranging, and there is a lack of monitoring and mapping management of exposed assets, making it difficult to detect changes in external assets and locate internal assets in a timely manner.</p><p><strong>Massive risks cannot be prioritized</strong></p><p>As the business develops and expands, the number of assets and new vulnerabilities is growing exponentially. Prioritizing risks has become a new problem that enterprises must face.</p><p><strong>Risk offline closed-loop efficiency is low</strong></p><p>The risk closed loop is not connected with the existing IT process system of the enterprise, resulting in difficulty in combining security work with daily operation and low disposal efficiency.</p><p>In response to the above pain points, NSFOCUS has proposed a CTEM solution that covers all assets, vulnerabilities, and sensitive data based on vulnerability management, through internal and external asset mapping, continuous assessment and verification, and closed-loop operation.</p><h2>NSFOCUS CTEM: Implementation plan from exposure to governance</h2><div class="wp-block-image"> <figure class="aligncenter size-full"><a href="https://nsfocusglobal.com/wp-content/uploads/2024/08/CTEM-Methodology-1.jpg"><img decoding="async" loading="lazy" width="800" height="505" src="https://nsfocusglobal.com/wp-content/uploads/2024/08/CTEM-Methodology-1.jpg" alt="" 
class="wp-image-30061" srcset="https://nsfocusglobal.com/wp-content/uploads/2024/08/CTEM-Methodology-1.jpg 800w, https://nsfocusglobal.com/wp-content/uploads/2024/08/CTEM-Methodology-1-300x189.jpg 300w, https://nsfocusglobal.com/wp-content/uploads/2024/08/CTEM-Methodology-1-768x485.jpg 768w, https://nsfocusglobal.com/wp-content/uploads/2024/08/CTEM-Methodology-1-285x180.jpg 285w, https://nsfocusglobal.com/wp-content/uploads/2024/08/CTEM-Methodology-1-150x95.jpg 150w" sizes="auto, (max-width: 800px) 100vw, 800px"></a></figure> </div><p><strong>Scenario-based asset management</strong></p><p>NSFOCUS CTEM provides multi-dimensional asset management capabilities from the attacker’s perspective. By integrating internal and external data, companies can fully understand asset exposure and avoid security blind spots. For example, the solution supports monitoring of internal assets, shadow assets, Internet exposure threats, data leakage and other scenarios to ensure comprehensive and accurate asset management.</p><p><strong>Multi-source data integration</strong></p><p>NSFOCUS CTEM supports the access and integration of multi-source security data, including active scanning engines, passive traffic engines, EASM, BAS, penetration testing, CMDB, and third-party vendor security products. After data scrubbing and consolidation, it provides comprehensive analysis capabilities to help enterprises extract valuable security information from massive data.</p><p><strong>Intelligent risk assessment and convergence</strong></p><p>NSFOCUS CTEM uses deep learning to evaluate the priority of vulnerabilities and achieve continuous assessment and dynamic convergence of risks. 
Through vulnerability scanning, threat intelligence analysis and attack simulation, enterprises can quickly identify high-risk assets and take targeted protective measures.</p><h2>CTEM core value</h2><p><strong>Establish a unified asset </strong><strong>account</strong><strong> to improve asset visibility</strong></p><p>NSFOCUS CTEM accesses internal asset systems and Internet mapping data, uses traffic protocol analysis technology to passively identify assets, comprehensively sorts out customers’ internal and external network assets, and establishes a detailed asset account through comprehensive asset collection and analysis, which can clearly see the risk status of global assets.</p><p><strong>Accurate risk identification and positioning to </strong><strong>optimize</strong><strong> attack surface management</strong></p><p>NSFOCUS CTEM conducts a comprehensive assessment from multiple dimensions such as assets, vulnerabilities, weak passwords, non-compliant configurations and external attack surfaces to understand enterprise security risks. 
With the help of advanced vulnerability priority assessment methods, it guides users to track the mitigation status of key assets and key vulnerabilities, perform indicator operations, and present the results of security management work.</p><p><strong>Build a dynamic operating system to promote continuous improvement</strong></p><p>NSFOCUS CTEM has built a dynamic asset sorting and risk operation system that encourages organizations to continuously review and improve their own security practices, allowing users to clearly understand corporate asset risks, effectively close the loop for repair, and continuously accumulate corporate knowledge base in the process to improve risk operation capabilities.</p><div class="wp-block-image"> <figure class="aligncenter size-large"><a href="https://nsfocusglobal.com/wp-content/uploads/2023/10/CTEM-Offerings.png"><img decoding="async" loading="lazy" width="1024" height="597" src="https://nsfocusglobal.com/wp-content/uploads/2023/10/CTEM-Offerings-1024x597.png" alt="" class="wp-image-26553" srcset="https://nsfocusglobal.com/wp-content/uploads/2023/10/CTEM-Offerings-1024x597.png 1024w, https://nsfocusglobal.com/wp-content/uploads/2023/10/CTEM-Offerings-300x175.png 300w, https://nsfocusglobal.com/wp-content/uploads/2023/10/CTEM-Offerings-768x448.png 768w, https://nsfocusglobal.com/wp-content/uploads/2023/10/CTEM-Offerings-1536x896.png 1536w, https://nsfocusglobal.com/wp-content/uploads/2023/10/CTEM-Offerings-2048x1194.png 2048w, https://nsfocusglobal.com/wp-content/uploads/2023/10/CTEM-Offerings-309x180.png 309w, https://nsfocusglobal.com/wp-content/uploads/2023/10/CTEM-Offerings-150x87.png 150w" sizes="auto, (max-width: 1024px) 100vw, 1024px"></a></figure> </div><p>When enterprises are in the stage of upgrading from traditional vulnerability management to closed-loop attack surface management, they need to invest more resources and cross-departmental collaboration to support complex security scenarios. 
NSFOCUS will continue to expand the adapter access capabilities and large language model application scenarios of the CTEM platform to guarantee enterprise security.</p><p>Gartner® does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.</p><p>GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.</p><p>The post <a rel="nofollow" href="https://nsfocusglobal.com/nsfocus-was-selected-as-a-representative-provider-of-gartner-innovation-insight-adversarial-exposure-validation-in-china/">NSFOCUS was Selected as a Representative Provider of Gartner® “Innovation Insight: Adversarial Exposure Validation in China”</a> appeared first on <a rel="nofollow" href="https://nsfocusglobal.com/">NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.</a>.</p><div class="spu-placeholder" style="display:none"></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://nsfocusglobal.com/">NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by NSFOCUS">NSFOCUS</a>. 
Read the original post at: <a href="https://nsfocusglobal.com/nsfocus-was-selected-as-a-representative-provider-of-gartner-innovation-insight-adversarial-exposure-validation-in-china/">https://nsfocusglobal.com/nsfocus-was-selected-as-a-representative-provider-of-gartner-innovation-insight-adversarial-exposure-validation-in-china/</a> </p>

Role of AI in Vulnerability Management

  • Published date: 2025-06-24 00:00:00


<p>Vulnerability management is a continuous process of detecting, prioritizing, and addressing security weaknesses in software applications, networks, and systems. This proactive approach is vital for protecting an organization’s digital infrastructure and ensuring overall security. To streamline and enhance this process, integrating artificial intelligence (AI) is key. AI-powered platforms are revolutionizing vulnerability management by enabling quicker detection, intelligent prioritization, and proactive defense mechanisms. For organizations aiming to enhance their cybersecurity posture without overburdening their teams, AI delivers both speed and scalability. In this blog, we’ll delve into the role of AI in vulnerability management, its benefits for businesses, and the challenges that come with its adoption.</p><p>Let’s explore how AI can improve vulnerability management and the ways it can be effectively implemented.</p><h2 class="wp-block-heading">AI in Vulnerability Management</h2><p>Integrating AI in vulnerability management significantly elevates its effectiveness. 
AI not only accelerates analysis but also enhances the accuracy of threat detection.</p><p>After choosing to implement AI, it’s essential to define how you want it to respond and determine the types of data it should analyze. 
This helps in selecting the most suitable algorithms. AI and machine learning techniques are especially powerful in identifying advanced and previously unknown threats.</p><p>AI-powered <strong>pentesting and VMDR tools like <a href="https://kratikal.com/autosect"><mark class="has-inline-color has-luminous-vivid-orange-color">AutoSecT</mark></a></strong> can analyze massive volumes of data—such as security logs, network traffic, and threat intelligence feeds—to detect patterns and anomalies that may indicate vulnerabilities or active threats. Transforming these logs into structured data and visual charts streamlines the analysis process. Security incidents should be evaluated based on risk severity, with real-time alerts issued for immediate response.</p><p>Another key advantage of AI is its ability to self-learn. With continuous training using relevant data, AI systems can adapt to evolving environments and effectively detect both high-risk and previously unknown threats.</p><p>While implementing AI does require multiple training iterations—which can be time-intensive—its long-term benefits outweigh the initial effort. Over time, AI models become more adept at identifying vulnerabilities and threats. 
These systems continuously learn from new data, improving their accuracy and effectiveness in detecting risks and providing actionable insights.</p><h3 class="wp-block-heading">How Generative AI Elevates Vulnerability Management to the Next Level</h3><p>Generative AI is redefining the future of vulnerability management by bringing advanced capabilities to threat detection, analysis, and response. Unlike traditional AI models, it can generate new insights, simulate attack scenarios, and offer tailored remediation strategies—making security operations smarter and more adaptive than ever. Here’s how it transforms the game:</p><h4 class="wp-block-heading">Intelligent Automation For Detecting and Prioritizing Vulnerabilities </h4><p>Generative AI models are increasingly being used to scan code for vulnerabilities at remarkable speed. Combined with AI-powered dark web monitoring and compromised data tracking, organizations can now detect threats in real time—enabling them to act proactively before attackers exploit any weaknesses.</p><h4 class="wp-block-heading">AI-Powered Code Remediation</h4><p>Beyond just detection, AI is also making significant strides in the remediation phase. Tools like AutoSecT, an AI-driven remediation engine, assist developers by offering direct fixes within their development environments. Supporting multiple programming languages, it can resolve a number of vulnerabilities—accelerating the remediation process while maintaining strong security standards.</p><p>However, experts advise caution against fully relying on AI-generated fixes. 
While AI improves digital footprint analysis and strengthens brand protection, human oversight remains essential to ensure accuracy and to prevent the introduction of new bugs.</p><h3 class="wp-block-heading">Role of AI in Vulnerability Management </h3><p>AI offers a variety of practical benefits for organizations aiming to enhance their security operations without straining their teams or budgets. Here’s how businesses are gaining a competitive advantage by integrating AI in vulnerability management strategies:</p><div class="wp-block-image"> <figure class="aligncenter size-full"><img fetchpriority="high" decoding="async" width="781" height="460" src="https://kratikal.com/blog/wp-content/uploads/2025/06/AI-is-Transforming-Vulnerability-Management-1.jpg" alt="" class="wp-image-13224" srcset="https://kratikal.com/blog/wp-content/uploads/2025/06/AI-is-Transforming-Vulnerability-Management-1.jpg 781w, https://kratikal.com/blog/wp-content/uploads/2025/06/AI-is-Transforming-Vulnerability-Management-1-300x177.jpg 300w, https://kratikal.com/blog/wp-content/uploads/2025/06/AI-is-Transforming-Vulnerability-Management-1-150x88.jpg 150w, https://kratikal.com/blog/wp-content/uploads/2025/06/AI-is-Transforming-Vulnerability-Management-1-768x452.jpg 768w" sizes="(max-width: 781px) 100vw, 781px"></figure> </div><h4 class="wp-block-heading">Improves Efficiency with Automated Processes: </h4><p>AI significantly lessens manual effort by automating routine tasks such as asset discovery, vulnerability scanning, ticket assignment, and patch validation. This minimizes time spent on repetitive activities, allowing security teams to focus on more strategic priorities. 
As a result, organizations can lower operational costs, boost team efficiency, and enhance overall productivity in their security operations.</p><h4 class="wp-block-heading">Accurate and Targeted Risk Assessment: </h4><p>Unlike traditional static, rules-based systems, AI leverages contextual analysis to deliver more accurate risk assessments. It evaluates factors such as exploitability, network exposure, asset value, known attack patterns, and real-time threat intelligence to identify the most critical vulnerabilities. This targeted approach helps organizations move away from the inefficient “patch everything” mindset, allowing them to focus resources on the highest-risk issues—reducing overall risk while maximizing efficiency.</p><h4 class="wp-block-heading">Scalable for Complex and Growing Environments: </h4><p>Whether managing 50 or 50,000 endpoints, AI scales seamlessly. It adapts in real time to changes in the IT landscape—such as new devices, software updates, or cloud deployments—without needing a proportional increase in security personnel. As organizations expand or transition to hybrid and cloud-first models, AI ensures vulnerability management evolves accordingly, maintaining strong security without added strain on resources.</p><h4 class="wp-block-heading">Strengthening Proactive Security Posture: </h4><p>AI shifts vulnerability management from a reactive process to a proactive strategy. By anticipating which vulnerabilities are most likely to be exploited, it enables organizations to take preventive measures before any breach occurs. 
This approach lowers incident response costs, reduces potential downtime, and supports stronger regulatory compliance by staying ahead of emerging threats.</p><h4 class="wp-block-heading">Smarter Decision-Making Powered by Real Time Insights: </h4><p>In addition, AI consolidates data from multiple threat intelligence sources—such as CVEs, dark web activity, vendor advisories, and industry reports—to deliver a real-time understanding of the evolving threat landscape. This enables organizations to stay alert and respond swiftly to newly disclosed high-risk vulnerabilities. As a result, decision-makers gain timely, data-driven insights that support faster and more informed security actions.</p><h3 class="wp-block-heading">How AI Agents Automate Threat Detection? </h3><p>This is where AI truly shines. Unlike traditional systems that rely on predefined rules, AI security agents learn by processing vast amounts of data. They ingest multiple streams of security information to establish a baseline of normal behavior within your systems.</p><p>Using advanced techniques such as anomaly detection, natural language processing (NLP), and predictive modeling, these agents can identify unusual activity in real time.</p><p><strong>For example:</strong></p><ul class="wp-block-list"> <li>A user downloads several gigabytes of sensitive data at 3 a.m. 
from a foreign IP address.</li> <li>A device begins connecting to suspicious domains unexpectedly.</li> <li>Multiple failed login attempts are recorded from different locations within minutes.</li> </ul><p>While such incidents might be overlooked or deprioritized in conventional systems, AI-powered security agents detect and escalate them immediately—often connecting the dots across endpoints, networks, and cloud environments to uncover broader patterns.</p><h3 class="wp-block-heading">Conclusion </h3><p>Artificial intelligence is transforming vulnerability management from a time-consuming, reactive process into a dynamic, proactive defense strategy. By leveraging <a href="https://kratikal.com/blog/how-agentic-ai-can-secure-network-infrastructure/"><mark class="has-inline-color has-luminous-vivid-orange-color">AI driven pentesting</mark></a> and VMDR platforms like <strong>AutoSecT</strong>, organizations can detect, prioritize, and remediate vulnerabilities with unprecedented speed and accuracy. From intelligent automation and self-learning capabilities to real-time risk assessment and scalable deployment, AI empowers security teams to stay ahead of ever-evolving threats without overwhelming their resources.</p><p>Generative AI further amplifies these benefits by simulating attack scenarios, enhancing code remediation, and offering context-driven insights that sharpen decision-making. 
While AI brings immense value, human oversight remains essential to ensure accuracy and prevent unintended consequences.</p><p>As cyber threats continue to grow in complexity and frequency, integrating AI in vulnerability management is no longer optional—it’s a critical step toward building a resilient, future-ready cybersecurity posture.</p><h3 class="wp-block-heading">FAQs</h3><div class="schema-how-to wp-block-yoast-how-to-block"> <p class="schema-how-to-description"> </p><ol class="schema-how-to-steps"> <li class="schema-how-to-step" id="how-to-step-1750745549991"><strong class="schema-how-to-step-name"><strong> How is AI used in vulnerability management?</strong></strong> <p class="schema-how-to-step-text">AI improves vulnerability management by detecting and prioritizing system weaknesses. Using advanced algorithms, it scans networks to uncover issues such as software bugs and outdated components. It then evaluates the severity of each vulnerability, helping prioritize remediation based on potential risk.</p> </li> <li class="schema-how-to-step" id="how-to-step-1750745560943"><strong class="schema-how-to-step-name"><strong>Ways to use AI in vulnerability management?</strong></strong> <p class="schema-how-to-step-text"> By leveraging risk-based prioritization, effective patching cycles, and robust data management, organizations can maximize the benefits of AI while staying protected from cyber threats. 
Staying vigilant is essential, but so is continuous improvement—regularly evaluating emerging threats, updating AI models, and maintaining compliance.</p> </li> <li class="schema-how-to-step" id="how-to-step-1750745579962"><strong class="schema-how-to-step-name"><strong>What role will AI play in the evolution of vulnerability management?</strong></strong> <p class="schema-how-to-step-text">AI-powered tools like AutoSecT can process large volumes of data and code far more efficiently than traditional methods, minimizing false positives and delivering more accurate vulnerability detection and scoring. AutoSecT also supports real-time monitoring, ensuring organizations receive timely and actionable security insights as new risks emerge.</p> </li> </ol> </div><p>The post <a href="https://kratikal.com/blog/role-of-ai-in-vulnerability-management/">Role of AI in Vulnerability Management</a> appeared first on <a href="https://kratikal.com/blog">Kratikal Blogs – Information Hub For Cyber Security Experts</a>.</p><div class="spu-placeholder" style="display:none"></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://kratikal.com/blog/">Kratikal Blogs – Information Hub For Cyber Security Experts</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Shikha Dhingra">Shikha Dhingra</a>. Read the original post at: <a href="https://kratikal.com/blog/role-of-ai-in-vulnerability-management/">https://kratikal.com/blog/role-of-ai-in-vulnerability-management/</a> </p>

New Journalism Curriculum Module Teaches Digital Security for Border Journalists

  • Josh Richman
  • Published date: 2025-06-23 16:00:12

Module Developed by EFF, Freedom of the Press Foundation, and University of Texas, El Paso Guides Students Through Threat Modeling and Preparation SAN FRANCISCO – A new college journalism curriculum module teaches students how to protect themselves and thei…

SAN FRANCISCO A new college journalism curriculum module teaches students how to protect themselves and their digital devices when working near and across the U.S.-Mexico border.  Digital Security 1… [+4308 chars]

A Journalist Security Checklist: Preparing Devices for Travel Through a US Border

  • Guest Author, Dave Maass, Sophia Cope
  • Published date: 2025-06-23 15:31:31

This post was originally published by the Freedom of the Press Foundation (FPF). This checklist complements the recent training module for journalism students in border communities that EFF and FPF developed in partnership with the University of Texas at El P…

This post was originally published by the Freedom of the Press Foundation (FPF). This checklist complements the recent training module for journalism students in border communities that EFF and FPF d… [+10529 chars]

How to check who is using your YouTube TV account and secure your access

  • Efe Udin
  • Published date: 2025-06-23 13:20:51

One of the most popular alternatives to cable is YouTube TV, which offers live channels and on-demand programming for a fixed annual fee. Those who ... The post How to check who is using your YouTube TV account and secure your access appeared first on Gizchin…

One of the most popular alternatives to cable is YouTube TV, which offers live channels and on-demand programming for a fixed annual fee. Those who wish to cut monthly costs without giving up access … [+5945 chars]

Remain code-compliant in a regulated, AI-powered world

  • None
  • Published date: 2025-06-23 00:00:00

None

<div class="col-xs-12 col-sm-9 two2575Right"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> <div class="text aem-GridColumn aem-GridColumn--default--12"> <div class="container "> <section class="component-textcomp text-align-left"> <div class="component-text"> <h2 class="title "><span class="text-size-smaller" style="color: #3c3c3c;"> </span></h2> </div> <div class="component-text"> <p>Artificial intelligence (AI) has already transformed software development. The productivity gains that AI coding assistants like ChatGPT, GitHub Copilot, and Amazon CodeWhisperer can deliver are undeniable. However, AI tools bring their own set of challenges, particularly when it comes to maintaining code compliance.</p> <p>AI coding assistants can introduce code defects that impact software reliability, security vulnerabilities, intellectual property (IP) infringement, and more. These risks are especially significant in industries where software quality is paramount due to safety concerns (healthcare, manufacturing, transportation, etc.).</p> <p>In this blog, you’ll learn some practical ways to maintain code compliance in today’s AI-powered development landscape.</p> </div> </section></div> </div> <div class="text aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-top-sm vert-pad-bottom-sm"> <div class="container "> <section class="component-textcomp text-align-left"> <div class="component-text"> </div> <hr class="separator"> </section> </div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="1" class="component-anchor"> 
<div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="text aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-sm"> <div class="container "> <section class="component-textcomp text-align-left"> <div class="component-text"> <h2 class="title "><span class="text-size-normal" style="color: #5A2A82;"> Key takeaways </span></h2> </div> <div class="component-text"> <ul> <li>AI code assist tools (Copilot, ChatGPT) boost productivity but introduce defects and vulnerabilities.</li> <li>Studies: GitHub Copilot is inaccurate about 54% of the time; ChatGPT about 35%.</li> <li>Mitigation strategies include code reviews, automated testing, SAST/DAST, compliance checks.</li> <li>Maintain human oversight and leadership to ensure regulatory adherence.</li> <li>Use developer-friendly AppSec tools like Black Duck to shift quality/security left.</li> </ul></div> <div class="buttons align-center"> <a class="component-button primary" href="https://www.blackduck.com/resources/white-papers/automated-static-analysis.html" rel="noreferer noopener">Learn More</a> </div> </section></div> </div> </div> <div class="image aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-md"> <div class="container "> <div class="component-image"> <!-- markup for zoom in/out image--> </div> </div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="2" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="text aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-md"> <div class="container "> <section class="component-textcomp text-align-left"> <div class="component-text"> <h2 class="title "><span class="text-size-normal" style="color: #5A2A82;"> Benefits and risks of AI coding assistants </span></h2> </div> <div class="component-text"> <p>For most 
developers, the productivity benefits of AI coding assistants outweigh potential risks. A recent study revealed that developers using GitHub Copilot benefit from a whopping <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4945566.">26.08% increase in completed tasks</a>. And data scientist Sahin Ahmed found that using the AI coding assistant effectively turns an <a href="https://medium.com/@sahin.samia/can-ai-really-boost-developer-productivity-new-study-reveals-a-26-increase-1f34e70b5341">eight-hour workday into 10 hours of output</a>.</p> <p>The study evaluated the impact of generative AI on software developer productivity via randomized controlled trials at Microsoft, Accenture, and an anonymous Fortune 100 company. It was conducted by researchers at Princeton University, MIT, Microsoft Corp., and the University of Pennsylvania.</p> <p>However, AI coding assistants can also introduce very real risks. A recent <a href="https://arxiv.org/pdf/2304.10778">Bilkent University study</a> revealed that the latest versions of ChatGPT, GitHub Copilot, and Amazon CodeWhisperer generate inaccurate code 34.8%, 53.7%, and 68.9% of the time, respectively. Worse, <a href="https://arxiv.org/pdf/2211.03622">Stanford University research</a> demonstrated that users of AI code assistants “wrote significantly less secure code” but were “more likely to believe they wrote secure code.”</p> <p>Software embedded in many physical products must be exceptionally reliable, because failure could threaten personal safety, property, and the environment. Embedded software may be subject to functional safety regulations as well. Failure to comply with these regulations can have significant legal and financial implications. 
And defects that result in outages or negatively impact user experience can damage an organization’s reputation and give competitors an advantage.</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="3" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="text aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-sm"> <div class="container "> <section class="component-textcomp text-align-left"> <div class="component-text"> <h2 class="title "><span class="text-size-normal" style="color: #5A2A82;"> Practical mitigation: testing, SAST, DAST and compliance </span></h2> </div> <div class="component-text"> <p>In this landscape, it is essential to take measures to minimize the risks of AI coding assistants. Rigorous testing, validation, and oversight are required to ensure that AI-generated code is reliable and secure. This includes, but is not limited to:</p> <ul> <li><b>Code reviews:</b> Systematic human reviews of AI-generated code to identify potential errors, security flaws, and violations of coding standards<b></b></li> <li><b>Automated testing:</b> Automated unit tests, integration tests, and security scanning to ensure code functionality, identify vulnerabilities, increase developer productivity, and eliminate human error<b></b></li> <li><b>Vulnerability checks:</b> Checks that identify and mitigate vulnerabilities in AI-generated code<b></b></li> <li><b>License and compliance checks:</b> Checks to ensure AI-generated code doesn’t violate any licenses or compliance requirements<b></b></li> <li><b>Static application security testing (SAST):</b> <a href="https://www.blackduck.com/static-analysis-tools-sast.html">Scanning by SAST</a> tools to identify potential security issues or code quality problems before code is executed<b></b></li> <li><b>Dynamic application security testing (DAST): </b><a 
href="https://www.blackduck.com/dast.html">Scanning by DAST</a> tools to identify runtime errors or unexpected issues in a controlled environment<b></b></li> <li><b>Continuous integration and continuous delivery (CI/CD):</b> Integrating the testing and validation process into the CI/CD pipeline to ensure code changes are automatically checked for errors and vulnerabilities<b></b></li> </ul> <p>Maintaining human oversight and expertise throughout the AI-assisted development process is critical to ensure that code meets a project’s specific needs and standards. Leadership plays a crucial role in this process. When leaders set the tone from the top, it sends a clear message about the importance of code compliance. This approach can help to instill a sense of responsibility and accountability among all team members.</p> <p>Regular training sessions for developers are also required. Compliance training should emphasize continuous learning and cover coding standards, security protocols, data privacy, and ethical guidelines.</p> </div> </section></div> </div> </div> <div class="image aem-GridColumn aem-GridColumn--default--12"> <div class="container "> <div class="component-image"> <!-- markup for zoom in/out image--> </div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="4" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="text aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-md"> <div class="container "> <section class="component-textcomp text-align-left"> <div class="component-text"> <h2 class="title "><span class="text-size-normal" style="color: #5A2A82;"> Choosing the right AppSec solution </span></h2> </div> <div class="component-text"> <p>In complex IT environments, AppSec tools that increase visibility into the codebase are essential. 
By centralizing risk management, development teams gain a clear and comprehensive view of the code, making it easier to identify and address potential issues.</p> <p>When selecting an AppSec solution, look for developer-friendly options that integrate with IDEs, code repositories, and CI/CD pipelines, and support the programming languages, frameworks, and platforms developers use. Black Duck offers solutions that enable development teams to easily</p> <ul> <li>Identify defects early in the development process, when they’re easiest to resolve and before they impact customers<b></b></li> <li>Eliminate critical defects and vulnerabilities to ensure customer safety and comply with regulatory requirements<b></b></li> <li>Identify and mitigate software supply chain vulnerabilities to protect systems and data from being exploited<b></b></li> <li>Prevent legal issues and IP risks by detecting code pulled from software with license obligations, including small snippets</li> </ul></div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="5" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="text aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-sm"> <div class="container "> <section class="component-textcomp text-align-left"> <div class="component-text"> <h2 class="title "><span class="text-size-normal" style="color: #5A2A82;"> Black Duck helps enforce AI-era code compliance </span></h2> </div> <div class="component-text"> <p>Maintaining code compliance in the AI-driven software development landscape demands a proactive approach. 
By prioritizing quality, security, and regulatory adherence, organizations can build robust, reliable software that meets the highest standards.</p> <p>For more information, check out “<a href="https://www.blackduck.com/resources/white-papers/automated-static-analysis.html">Build Reliability and Security into Your SDLC</a>.” This white paper explores how to ensure your software is free of critical defects, integrate static analysis seamlessly into your SDLC, and accelerate your development velocity. </p> </div> <div class="buttons align-center"> <a class="component-button primary" href="https://www.blackduck.com/resources/white-papers/automated-static-analysis.html" rel="noreferer noopener">Download the Whitepaper</a> </div> </section></div> </div> </div> <div class="blogsDev aem-GridColumn aem-GridColumn--default--12"> <div class="container "> <section class="cmp-blogsdev"> </section> </div> </div> </div> </div><div class="spu-placeholder" style="display:none"></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.blackduck.com/blog.html">Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Corey Hamilton">Corey Hamilton</a>. Read the original post at: <a href="https://www.blackduck.com/blog/ai-powered-code-compliance-strategies.html">https://www.blackduck.com/blog/ai-powered-code-compliance-strategies.html</a> </p>

Largest DDoS Attack to Date

  • None
  • Published date: 2025-06-23 00:00:00

None

<p>It was a recently unimaginable <a href="https://arstechnica.com/security/2025/06/record-ddos-pummels-site-with-once-unimaginable-7-3tbps-of-junk-traffic/">7.3 Tbps</a>:</p><blockquote> <p>The vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video playback, gaming applications, and DNS lookups. It speeds up communications by not formally establishing a connection before data is transferred. Unlike the more common Transmission Control Protocol, UDP doesn’t wait for a connection between two computers to be established through a handshake and doesn’t check whether data is properly received by the other party. Instead, it immediately sends data from one machine to another.</p> <p>UDP flood attacks send extremely high volumes of packets to random or specific ports on the target IP. Such floods can saturate the target’s Internet link or overwhelm internal resources with more packets than they can handle.</p> <p>Since UDP doesn’t require a handshake, attackers can use it to flood a targeted server with torrents of traffic without first obtaining the server’s permission to begin the transmission. UDP floods typically send large numbers of datagrams to multiple ports on the target system. The target system, in turn, must send an equal number of data packets back to indicate the ports aren’t reachable. Eventually, the target system buckles under the strain, resulting in legitimate traffic being denied.</p> </blockquote><div class="spu-placeholder" style="display:none"></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.schneier.com/">Schneier on Security</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Bruce Schneier">Bruce Schneier</a>. 
Read the original post at: <a href="https://www.schneier.com/blog/archives/2025/06/largest-ddos-attack-to-date.html">https://www.schneier.com/blog/archives/2025/06/largest-ddos-attack-to-date.html</a> </p>

OpenAI Used Globally for Attacks – FireTail Blog

  • Published date: 2025-06-23 00:00:00

<p>Jun 23, 2025 – In 2025, virtually no one is a stranger to OpenAI’s ChatGPT. It is one of the most popular AI applications on the Internet, and almost everyone is using it from your boss, to your neighbor, to the passive-aggressive friend sending you oddly phrased text messages.</p>
<p>But since it is relatively new, researchers are always finding new vulnerabilities in ChatGPT, including ways it can be exploited by bad actors.</p>
<h2>Social Engineering</h2>
<p>On the social engineering side, bad actors figured out how to automate resume generation, simulate live interviews and configure remote access for deceptive employment schemes.</p>
<p>They also were able to craft personas which could translate outreach for espionage, mimic journalists and think-tank analysts in order to extract information from targets.</p>
<h2>Malware and Hacking</h2>
<p>Bad actors could build malware by troubleshooting Go-based implants, evading Windows Defender, and configuring stealthy C2 infrastructure.</p>
<p>They could also execute automated recon, penetration testing scripts, C2 (Command and Control server) configurations and social media botnet management using ChatGPT. Below are a few examples of ways bad actors have been using ChatGPT for their benefit.</p>
<h2>Propaganda/Influence</h2>
<p>ChatGPT could generate propaganda on platforms like TikTok, X, Telegram, and more with fake personas and often fake engagement. The themes of the propaganda ranged from geopolitical agendas to US polarization and election interference in Germany, et cetera.</p>
<h2>Scams</h2>
<p>Scammers also used ChatGPT to aid in scam messaging, creating scams where victims would be lured into fake jobs with false promises of high pay that would turn out to extort them.</p>
<h2>AI Use Attribution</h2>
<p>The following table shows a breakdown of the bad actors who were using ChatGPT for different malicious purposes. Some uses were from known adversaries Russia, China, Iran, and North Korea, while others were from Cambodia and the Philippines.</p>
<h2>Takeaways</h2>
<p>Unfortunately, this is likely only the beginning of bad actors using ChatGPT for their purposes. As AI continues to advance, we can only expect hackers to continue to find new ways to exploit it. And with AI security still being relatively new, staying on top of these rising attacks is increasingly difficult.</p>
<p>To see how FireTail can help with your own AI Security, schedule a demo or start a free trial today. </p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.firetail.ai">FireTail - AI and API Security Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by FireTail - AI and API Security Blog">FireTail - AI and API Security Blog</a>. Read the original post at: <a href="https://www.firetail.ai/blog/openai">https://www.firetail.ai/blog/openai</a> </p>

Optimistic About Cloud Compliance? Boost It with NHIs

  • Published date: 2025-06-23 00:00:00

<h2>Are You Truly Harnessing the Power of NHIs for Cloud Compliance?</h2><p>My professional journey has revealed a critical, yet often overlooked, component of cloud compliance – the effective management of Non-Human Identities (NHIs). NHIs, the machine identities used in cybersecurity, are the unsung heroes of compliance and security. Yet, one can’t help but wonder, are organizations truly leveraging NHIs to the best of their ability in this age of growing cloud data ecosystems?</p><h2>Shining the Spotlight on Non-Human Identities</h2><p>NHIs are machine identities created by combining a unique, encrypted “Secret” (akin to a passport) and permissions granted by a destination server (a visa, if you will). Securing these NHIs and their secrets involves protecting both the identities (the “tourist”) and their access credentials (the “passport”), and continuously overseeing the behaviors. This holistic approach to securing machine identities and secrets manages every stage of their lifecycle, ensuring comprehensive and foolproof security.</p><p>Crucially, successful NHI management offers numerous benefits, like reducing security risks, improving regulatory compliance, enhancing visibility and control, and ultimately saving operational costs. 
However, the most significant impact lies in its ability to boost cloud compliance—an area of increasing concern for many organizations.</p><h2>How NHIs Elevate Cloud Compliance</h2><p>Cloud compliance is a complex terrain, 
marked by evolving regulations, growing data volumes, and the heightened need for security. Yet NHIs offer a unique tool for navigating it. Here’s how:</p><h3>Reduced Risk</h3><p>By identifying and mitigating security risks proactively, NHI management minimizes the likelihood of breaches and data leaks. This risk reduction is invaluable for organizations aiming for robust cloud compliance.</p><h3>Improved Compliance Standards</h3><p>NHI management offers policy enforcement and audit trails, significantly aiding in meeting regulatory requirements. NHIs can be the cornerstone of a robust compliance strategy.</p><h3>Increased Efficiency and Visibility</h3><p>Through automation, NHI management alleviates the burden of manual operations, freeing security teams to focus on strategic initiatives. Plus, it offers a centralized view for seamless access management and governance—an invaluable feature for ensuring cloud compliance.</p><h2>Making NHIs a Crucial Component of Your Cloud Compliance Strategy</h2><p>Given their potential, NHIs should be at the forefront of every organization’s cloud compliance strategy. 
However, embracing NHIs requires an understanding of their strategic importance, backed by a commitment to implementing a comprehensive management approach.<br> It is beneficial to consult trusted cybersecurity resources, such as this post on <a href="https://entro.security/blog/secrets-security-in-hybrid-cloud-environments/">secrets security</a>, to equip yourself with the best practices.</p><p>The increased reliance on cloud technologies has amplified the importance of cloud compliance. By making NHIs a central part of your cloud security and compliance strategy, you can not only streamline data management but also protect your organization from security threats. If you’re optimistic about bolstering your cloud compliance, it’s time to harness the power of NHIs!</p><h2>NHIs: An Undervalued Asset in Achieving Cloud Compliance</h2><p>Have organizations fully recognized the potential of NHIs in achieving secure cloud compliance? Perhaps not, in many cases. While NHI management has demonstrated significant implications for cloud security and compliance, the role of NHIs is sometimes underutilized. Much like an uncashed check, NHIs hold significant value, yet remain untapped often due to a lack of understanding or awareness.</p><p>Nonetheless, with the ongoing digitalization and the consequent rise in data volume, NHIs have transitioned from being a secondary consideration to an indispensable part of a secure cloud environment. When appropriately managed, NHIs can effectively mitigate security risks, uphold compliance standards, enhance system visibility, and elevate overall security efficiency.</p><h3>Unlocking the Potential of NHIs</h3><p>Unlocking the potential value of NHIs requires optimal management. The goal isn’t merely to control NHIs but to manage them strategically and systematically. 
This can involve updating NHIs’ permissions to align with the changing business environment, automating secrets rotation, or performing a thorough audit to ensure regulatory compliance.</p><p>Additionally, organizations can turn to advanced data management solutions that offer comprehensive insights into ownership, permissions, usage patterns, and potential vulnerabilities of NHIs. Such solutions enable data-driven decisions, aiding in creating robust cybersecurity strategies. They not only strengthen NHI management but also contribute to the overall operational efficiency, cost-effectiveness, and robustness of IT governance in organizations.</p><p>It’s indeed pertinent to mention that <a href="https://entro.security/blog/entro-joins-the-silverfort-isa">some innovative solutions are rapidly emerging</a>, offering advanced capabilities for effective management of NHIs and enhancing cloud security.</p><h2>Moving Towards a Mature Approach</h2><p>While the strategic adoption of NHIs is a crucial step forward, maintaining cloud compliance goes far beyond initial implementation. Organizations must ensure that their approach to NHI management evolves along with the changing technology landscape and stringent regulatory requirements.</p><p>This necessitates periodic review and adjustment of policies, NHI discovery and classification, threat detection, and remediation strategies. As new vulnerabilities are detected and older ones are addressed, the tactics for NHI management need to adapt. For organizations to achieve robust cloud compliance, a dynamic and mature approach towards NHI management is non-negotiable.</p><p>Understanding the criticality of NHIs in ensuring cloud compliance is a vital first step. But following this realization with action is what differentiates a mature security posture. 
Remember, NHIs are only as powerful as the strategy that governs them.</p><h2>Fostering a Culture of Security</h2><p>While the technicalities of NHI management are undeniably important, the human element is equally crucial to achieving cloud compliance. A meaningful shift towards secure cloud compliance requires fostering a culture of security within the organization where everyone understands and values cyber hygiene.</p><p>Just as vacationing tourists are educated about the importance of keeping their passports secure, stakeholders across the organization must comprehend the importance of securing NHIs. After all, NHIs are the ‘passport holders’ navigating through the cloud environment.</p><p>To foster such a culture, organizations could leverage engaging and data-driven resources, like this post on <a href="https://entro.security/blog/prioritization-of-nhi-remediation-in-cloud-environments-2/">prioritization of NHI remediation</a>, to equip team members with the necessary knowledge and insights.</p><h2>A Forward-Looking Approach</h2><p>Identifying the role of NHIs in securing cloud compliance is only the beginning. What shapes the future are the actions taken in response to this understanding. Through a comprehensive and streamlined approach to NHI management, organizations can harness the power of NHIs, ensuring secure cloud compliance and safeguarding against potential threats.</p><p>This enlightening write-up further reinforces the importance of adopting a forward-looking and resilient approach towards managing NHIs.</p><p>As organizations continue to rely increasingly on digital solutions, it is imperative to make NHIs a central part of their cloud security strategy. 
This is crucial not only for streamlining data management but also for effectively safeguarding against security threats.</p><p>With a pragmatic and proactive approach, organizations can certainly harness the optimal power of NHIs for secure cloud compliance.</p><p>The post <a href="https://entro.security/optimistic-about-cloud-compliance-boost-it-with-nhis/">Optimistic About Cloud Compliance? Boost It with NHIs</a> appeared first on <a href="https://entro.security/">Entro</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://entro.security/">Entro</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Alison Mack">Alison Mack</a>. Read the original post at: <a href="https://entro.security/optimistic-about-cloud-compliance-boost-it-with-nhis/">https://entro.security/optimistic-about-cloud-compliance-boost-it-with-nhis/</a> </p>

Bulletproof Security Workflows with Grip’s Jira Integration

  • Published date: 2025-06-23 00:00:00

<div class="rich-text-3 w-richtext" morss_own_score="5.779141104294478" morss_score="106.55459018485983"> <p>Security teams are all too familiar with the risk mitigation drill: <a href="https://www.grip.security/platform/discover-saas-risks">discover risky SaaS</a>, <a href="https://www.grip.security/platform/evaluate-saas-risks">evaluate it</a>, contain it if necessary, and close the loop. But what happens when part of that loop relies on someone replying to an email, noticing a Slack message, or taking action outside of their normal workflow? </p> <p>That’s often where SaaS security workflows break down. </p> <p>The biggest problem we’ve seen isn’t a lack of automation; it’s a breakdown in follow-through. Tasks fall through the cracks. End-user justifications get missed. Risk reviews stall. And often, it’s not because teams aren’t doing their jobs, it’s because they’re being asked to do them outside of the tools they’re accustomed to using for tracking and resolving tasks. </p>
<p>That’s why we built the Jira integration directly into Grip’s <a href="https://www.grip.security/blog/policy-center-customizable-workflows">customizable workflows and policy center</a>: so follow-up tasks are created automatically and routed to where work already happens, keeping SaaS security in motion. </p> <h2>Making Security Workflows Work Harder for You </h2> <p>Every time a new SaaS app enters the environment without visibility, the window to respond starts narrowing. The sooner it’s reviewed, justified, or remediated, the lower the risk—and the smoother your governance process. 
</p> <p>You might already have workflows in place that flag these events and request justification from users. But without clear ownership and a built-in path for follow-up, even the best workflows can stall before action is taken. </p> <p>We’ve heard from many security teams, “We’ve automated the workflows, but we still don’t trust they’ll be completed.” </p> <p>That’s exactly the gap Grip’s Jira integration is built to close. It turns detection into structured follow-through by automatically creating a Jira ticket, populated with the right context, assigned ownership, and a direct link back to the original workflow. No additional dashboards, no manual nudging, no guessing who’s responsible. </p> <h2>Bringing SaaS Security Tasks into Jira Automatically </h2> <p>With Grip’s Jira integration, any workflow in our platform can now trigger a fully populated Jira ticket, routed to the right team, with all relevant context attached. 
That can include: </p> <ul> <li>The detected app or identity risk </li> </ul> <ul> <li>The assignee and reporter </li> </ul> <ul> <li>A description of the issue or request  </li> </ul> <ul> <li>A direct link to the original workflow in Grip </li> </ul> <p>You decide where the Jira block goes in your Grip workflow: </p> <ul> <li>Right after a new app is detected </li> </ul> <ul> <li>When an end user doesn’t respond in time </li> </ul> <ul> <li>When a condition fails </li> </ul> <ul> <li>When a workflow doesn’t complete as expected </li> </ul> <p>However your team works, you can design workflows that guarantee next steps are tracked, visible, and acted on, without reinventing your process. No more guesswork if a task was completed; know with certainty. </p> <h2>The Impact of Grip’s Jira Integration: Efficiency, Accountability, and No Missed Steps </h2> <p>Cleaner workflows result in a more reliable, responsive, and resilient SaaS security program. By embedding follow-up directly in <a href="https://www.atlassian.com/software/jira">Jira</a>, you’re not adding steps; you’re removing friction, clarifying ownership, embedding accountability, and accelerating outcomes. </p> <p>Here’s what that means for your team: </p> <p><strong>Improved operational efficiency:</strong> Tasks are now centralized in Jira, where work is prioritized. </p> <p><strong>Fewer gaps in SaaS governance:</strong> Unanswered justifications and missed approvals are visible. </p> <p><strong>Faster time-to-remediation:</strong> Issues are resolved in real time, with built-in ownership from the start. </p> <p><strong>Reduced dashboard fatigue:</strong> You’re not introducing a new UI; you’re plugging into one your teams already trust. </p> <h2>Proof in Practice: What Resilient Workflows Look Like </h2> <p>During beta testing of our Jira integration, one Grip customer was running a standard offboarding workflow. 
When an employee left the company, the workflow was supposed to send a notification requesting a final justification for a set of unsanctioned apps. </p> <p>But there was a snag; the user’s mailbox had already been deactivated, and the workflow step that relied on email quietly failed. In many systems, that would have been the end of the story. No alert, no task, no resolution. </p> <p>Instead, because they’d enabled fallback ticketing in Grip’s Jira integration, a follow-up task was automatically created and routed to the right team. The issue was flagged, reviewed, and closed—without anyone chasing it down manually. </p> <p>The security team later told us: <em>“I would’ve missed this completely if that ticket hadn’t been opened.”</em> </p> <p>That’s exactly why we built this new Jira integration. Not just to automate the ideal path, but to protect against the messy, unpredictable realities of modern IT. Because when it comes to SaaS security, resilience means follow-through, even when things don’t go as planned. </p> <h2>Under the Hood: Built for Flexibility, Designed for Scale </h2> <p>We designed the Jira integration to meet teams where they are, no matter how their processes are structured. </p> <ul> <li><strong>Insertable Jira blocks</strong> at any point in a workflow </li> </ul> <ul> <li><strong>Custom field mapping</strong> to match different Jira environments </li> </ul> <ul> <li><strong>Support for multiple projects and routing logic</strong> </li> </ul> <ul> <li><strong>No-code setup</strong> with rich, pre-populated context </li> </ul> <p>Whether you’re triggering tickets after detection, post-justification, or anywhere in between, the Jira integration adapts to your process, not the other way around. </p> <p>And while we’ve prioritized speed to value with this release, we’re already planning deeper support for Jira features like comments, attachments, and advanced automation so your workflows scale right alongside your maturity. 
 </p> <h3>Ready to Strengthen Your SaaS Security Workflows? </h3> <p>If you’re already using Grip, your Customer Success Manager can help you turn on Jira integration, build new workflow patterns, and identify where to embed follow-through. </p> <p>If you’re exploring SaaS security platforms and automation, request a demo to see how Grip helps security teams effectively detect, respond, and follow through, without requiring more dashboards or manual effort. <a href="https://www.grip.security/demo?utm_source=web&amp;utm_medium=blog&amp;utm_campaign=content">Book time with our team now</a>. </p> </div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.grip.security">Grip Security Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Grip Security Blog">Grip Security Blog</a>. Read the original post at: <a href="https://www.grip.security/blog/grip-jira-integration-bulletproof-security-workflows">https://www.grip.security/blog/grip-jira-integration-bulletproof-security-workflows</a> </p>

LinuxFest Northwest: Applying The Hybrid Threat Modeling Method

  • Published date: 2025-06-23 00:00:00

<p></p><center data-preserve-html-node="true">Author/Presenter: Chris Beckman (Principal Security Engineer At Taxbit) <p></p><center data-preserve-html-node="true"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" src="https://www.youtube-nocookie.com/embed/ltD7Ysq0whc?si=ILVywHCmtw-qlMxh" width="560" frameborder="0" data-preserve-html-node="true" title="YouTube video player" height="315"></iframe> <p>Our sincere appreciation to <strong><a href="https://www.linuxfestnorthwest.org/">LinuxFest Northwest</a></strong> (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb <strong><a href="https://www.youtube.com/playlist?list=PLjDc7gDlIASRAcG0cxWYOnNGwFnykUMNZ">LinuxFest Northwest 2025</a></strong> video content. Originating from the conference’s events located at the <strong><a href="https://www.btc.edu/">Bellingham Technical College in Bellingham, Washington</a></strong>; and via the organization’s <strong><a href="https://www.youtube.com/@LinuxFestNorthwest">YouTube</a></strong> channel. 
</p> <p>Thanks and a Tip O’ The Hat to <strong><a href="https://www.verificationlabs.com/trey.html">Verification Labs</a></strong> :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, 
CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the <strong><a href="https://www.linuxfestnorthwest.org/">LinuxFest Northwest</a></strong> conference.</p> <p></p></center></center><p><a href="https://www.infosecurity.us/blog/2025/6/23/linuxfest-northwest-applying-the-hybrid-threat-modeling-method">Permalink</a></p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/ltD7Ysq0whc?si=ILVywHCmtw-qlMxh">https://www.youtube-nocookie.com/embed/ltD7Ysq0whc?si=ILVywHCmtw-qlMxh</a> </p>

Gain Confidence in Your IAM Strategy with NHIs

  • Published date: 2025-06-23 00:00:00

<h2>Why is Confidence in Security the Cornerstone for an Effective IAM Strategy?</h2><p>Confidence in security, particularly in Identity and Access Management (IAM), is essential for any organization where data breaches and cyber threats are commonplace. The question is, how can you build such confidence? The answer lies in understanding and effectively managing Non-Human Identities (NHIs) as part of your IAM strategy.</p><p>Security professionals are increasingly acknowledging the importance of NHIs, machine identities used in cybersecurity that are created by combining a “Secret” and the permissions granted to that Secret. But how can we harness NHIs in a way that instills confidence in our IAM strategy?</p><h2>Overcoming the Disconnect: NHIs and Secrets Management</h2><p>A significant cause for concern in many organizations is the disconnect between security and R&amp;D teams, which often leads to security gaps. This disconnect can be particularly challenging for organizations working.</p>
<p>However, effective NHI and Secrets management can bridge this gap. This process secures both the identities (the “tourist”) and their access credentials (the “passport”) while keeping an eye on their behaviors within the system. By addressing all lifecycle stages from discovery and classification to threat detection and remediation, NHI management offers a holistic approach that goes beyond point solutions like secret scanners.</p><p>Through comprehensive <a href="https://entro.security/blog/secrets-security-in-hybrid-cloud-environments/" rel="noopener">NHI and Secrets management</a>, you can glean insights into ownership, permissions, usage patterns, and potential vulnerabilities. 
As a result, your IAM strategy becomes context-aware and significantly more robust.</p><h2>Unlock the Benefits of Effective NHI Management</h2><p>Implementing an effective NHI management approach as part of your IAM strategy can deliver several benefits:</p><p>– <b>Reduced Risk:</b> Proactively identifying and mitigating security risks helps reduce the likelihood of breaches and data leaks.<br> – <b>Improved Compliance:</b> Meeting regulatory requirements becomes easier through policy enforcement and audit trails.<br> – <b>Increased Efficiency:</b> By automating NHI and secrets management, security teams can focus on strategic initiatives.<br> – <b>Enhanced Visibility and Control:</b> A centralized view for access management and governance becomes achievable.<br> – <b>Cost Savings:</b> Operational costs decrease through automation of secrets rotation and NHI decommissioning.</p><p>In essence, managing NHIs is at the core of building confidence in security. By systematically addressing the gaps that often arise between security and development teams, businesses can build a robust IAM strategy that stands the test of time.</p><h2>Adapting to an Evolving Cybersecurity Landscape</h2><p>Cybersecurity is turbulent and unpredictable. Keeping up with this constant change can be daunting, and your IAM strategy needs to be flexible enough to adapt. 
Even more crucially, it should instill a sense of confidence in your organization’s security posture.</p><p>NHI management holds the key to such adaptability. <a href="https://entro.security/blog/agentic-ai-owasp-research/" rel="noopener">It is a data-driven approach</a> that reflects the evolving nature of threats and vulnerabilities, thereby fortifying your IAM strategy.</p><h2>Looking Ahead: Strengthen Your IAM Strategy with NHIs</h2><p>It’s clear that NHIs have a pivotal role in forming a resilient IAM strategy. By fostering a robust and adaptive approach to NHI management, you can build and maintain trust in your organization’s security protocols.</p><p>Bearing in mind the potential benefits, the integration of NHIs into your IAM strategy is not merely an option; it’s an imperative. After all, confidence in security is the cornerstone of an effective IAM strategy.</p><p>To further understand how to integrate NHIs into your security setup, explore more about <a href="https://entro.security/blog/entro-wiz-integration/" rel="noopener">NHI integration</a> and its role in elevating your organization’s security stance.</p><h2>Unleashing the Power of NHIs</h2><p>The power of NHIs, when properly managed and secured, is unquestionable. Their role in IAM strategy transcends traditional set-ups to establish more secure operational frameworks. They enhance monitoring capabilities of end-to-end processes, allowing for more comprehensive, real-time evaluation.</p><p>Securing NHIs means securing your organizational data; therefore, their management should be a primary concern. 
However, not all organizations realize the severity or potential implications and may inadvertently overlook this aspect – a misstep that could lead to catastrophic consequences.</p><h2>Shattering the Silos: Bridging the Gap between Security and Development Teams</h2><p>A crucial step in enhancing your IAM strategy is shattering the silos that traditionally keep security and development teams apart. 
Effective management of NHIs often requires collaboration across teams with diverse skill sets.</p><p>By fostering regular communication and adopting a holistic approach to security, organizations can help ensure seamless integration of NHI management into the IAM strategy. This integration not only strengthens the defense against potential breaches but also promotes a culture of cross-departmental collaboration, which significantly enhances operational efficiency.</p><h2>Evolving with the Times: A Continuous Improvement Approach</h2><p>Resting on your laurels is not an option. A robust IAM strategy is iterative and constantly evolves to stay ahead of ever-changing threats. Along these lines, NHI management should also be seen as a continuous improvement process.</p><p>A static IAM strategy can quickly become obsolete. Therefore, continuously evaluating, improving, and refining your NHI management practices becomes essential—as does staying abreast of industry best practices and trends.</p><h2>When Trust Is No Longer Enough</h2><p>While trust is integral to any business, it’s no longer enough. This is especially the case when considering the management of NHIs. Although trust is the foundation on which many security processes are built, we need more than trust when it comes to NHIs. We require rigorous protocols and control mechanisms to monitor and manage these identities effectively.</p><p>Here lies the significant role of a robust NHI management protocol. By offering stringent management measures, it enhances the overall security posture of an organization and helps to cultivate a culture where trust is fortified by consistent, demonstrable security practices.</p><h2>The Road Less Taken: The Urgency for a Paradigm Shift</h2><p>It’s high time organizations re-evaluate their approach to cybersecurity. 
A paradigm shift is required – one where the management of NHIs is recognized as a fundamental aspect of an effective IAM strategy, not an afterthought.</p><p>Embracing this shift can better prepare organizations for unpredictable cyber threats, ensuring their IAM strategy remains resilient despite changing. It’s about looking at security with fresh eyes, realizing that NHIs, when comprehensively managed, can significantly contribute to the overall security of an organization.</p><p>Investing in the rigorous management of NHIs as part of an integral IAM protocol could be the margin your organization requires to remain secure. Explore more about <a href="https://entro.security/blog/cybersecurity-predictions-2025/" rel="noopener">the future of cybersecurity</a> to stay ahead of the curve. By ensuring that NHI management is part and parcel of your IAM strategy, the foundation for confidence in your organization’s security is successfully laid and maintained. This confirms that confidence in security truly is the cornerstone of an effective IAM strategy.</p><p>The post <a href="https://entro.security/gain-confidence-in-your-iam-strategy-with-nhis/">Gain Confidence in Your IAM Strategy with NHIs</a> appeared first on <a href="https://entro.security/">Entro</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://entro.security/">Entro</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Alison Mack">Alison Mack</a>. Read the original post at: <a href="https://entro.security/gain-confidence-in-your-iam-strategy-with-nhis/">https://entro.security/gain-confidence-in-your-iam-strategy-with-nhis/</a> </p>

Keeping Your Cloud Data Safe with Better NHI Practices

  • None
  • Published date: 2025-06-23 00:00:00

None

<h2>Can we redefine cloud data safety?</h2><p>The increased shift to the cloud has expanded the playing field for cyber threats. This amplifies the urgency for superior security strategies, with Non-Human Identities (NHIs) and Secrets Management playing critical roles. But is enough being done to fortify cybersecurity protocols for NHIs? Are effective NHI practices being observed?</p><h2>Non-Human Identities: An Underestimated Element of Cybersecurity</h2><p>Modern cybersecurity environments are teeming with NHIs, machine identities such as applications, services, and servers that interact within and outside your network. Each of these NHIs requires a unique identifier akin to a passport, known as a ‘Secret’. The Secret, coupled with the permissions granted to it by a server, forms the basis of NHI functionalities.</p><p>However, managing NHIs and their secrets isn’t as easy as simply issuing passports and visas. It is a meticulous process that involves securing both the identities and their access credentials, as well as continually monitoring their behaviours within the network.</p><h3>Establishing a Comprehensive Strategy</h3><p>Implementing a fail-safe NHI management strategy requires an integrated approach that goes beyond resolving individual issues. Unlike reactive tools like secret scanners, a holistic NHI management platform offers a whole spectrum of protection and insights. This includes ownership details, permissions, usage patterns, and potential vulnerabilities, thereby facilitating context-aware security.</p><h2>Are your NHI practices paying off?</h2><p>When carried out effectively, NHI management offers numerous benefits. Firstly, it helps reduce risk by proactively identifying and mitigating security risks, thereby minimizing chances of breaches and data leaks. 
Secondly, it aids in adherence to regulatory requirements through robust policy enforcement and comprehensive audit trails.</p><p>NHI management also promotes productivity by automating essential processes, freeing security teams to focus on strategic initiatives. Moreover, it enhances visibility and control by providing a centralized view for access management and governance while lowering operational costs by automating secrets rotation and NHI decommissioning.</p><h3>Reimagining Cloud Data Safety</h3><p>But the question remains: Can cloud data safety truly be reimagined through improved NHI practices? The answer lies in understanding the symbiotic relationship between NHI management and other cybersecurity measures. The integration of NHI management into your overall cybersecurity strategy is instrumental in creating a more secure cloud.</p><h2>Looking into the Future of NHI Practices</h2><p>Looking into the future, the role of NHIs in cybersecurity will only become more critical as organizations continue to rely on the cloud more heavily. By recognizing the strategic importance of NHI management, organizations can be better equipped to mitigate security risks.</p><p>To truly optimize NHI practices, a commitment to continuous learning and improvement is crucial. 
Stay informed about the latest trends and developments, and proactively adjust NHI practices to cater to emerging challenges. As a <a href="https://entro.security/blog/cybersecurity-predictions-2025/" rel="noopener">recent blog post</a> on our site points out, cybersecurity is rapidly changing, and staying ahead of the curve is key to ensuring cloud data safety.</p><h2>Disrupting the Cybersecurity Landscape with NHI</h2><p>As we progress into an era marked by increased dependency on cloud systems, optimized NHI practices will be vital to ensuring data security. By adopting an all-encompassing approach to managing NHIs and Secrets, organizations can redefine the way they safeguard sensitive information in the cloud.</p><p>NHI management doesn’t have to be daunting. With the right tools, resources, and strategy, you can fortify your cybersecurity infrastructure. By embracing the benefits of a holistic approach to managing NHIs, your organization can ensure the safety of your cloud data. And as you venture forward, remember, the future of cybersecurity is not just about staying protected, but staying ahead.</p><h2>Can existing security protocols bridge the gaps?</h2><p>The digital transformation wave and the rush to leverage cloud technology have been monumental. While these advances have provided companies with infinite potential, they’ve also expanded the attack surface and possibilities for breaches. Misconfiguration and unauthorized access to cloud servers often expose sensitive data, with NHIs forming a crucial link in the chain. However, standard security checks and measures often overlook non-human identities, leading to a significant blind spot.</p><p>A surge in cyber threats requires innovative tools and measures to shore up defenses and pay sufficient attention to NHIs and secrets management. 
Frequently, standard cybersecurity measures center on human identities, leaving NHIs as the weak link in your security infrastructure.</p><h2>Let’s Talk About The Elephant In The Room</h2><p>Privileged access is the target. Attackers seek out the ‘secrets’ or credentials that allow them access to systems, applications, and data. Often these threats go undetected as traditional security solutions are not equipped to monitor and manage NHIs.</p><p>Therefore, the proactive management of NHIs is imperative and could be the missing piece in your cybersecurity puzzle. When managed effectively, NHIs can contribute to a solid defense structure and act as a robust line of defense against cyber threats.</p><h2>Kickstarting Your NHI Revolution</h2><p>The efficient management of NHIs must begin by identifying and classifying these identities, understanding their role, and the level of access they have within your infrastructure.</p><p>A <a href="https://entro.security/blog/non-human-identities-discovery-and-inventory/" rel="noopener">thorough inventory of NHIs</a> can streamline the management process, improving visibility and control. An inventory will help identify unused or redundant NHIs which can be decommissioned, thereby reducing the attack surface and potential risk.</p><h2>Monitor, Detect, Act: A Triad for NHI Management</h2><p>Security does not end with the provision of access – it is an ongoing process. Just as it is vital to monitor human user activities, it is equally important to track NHIs’ actions. Observing usage patterns gives insights, allowing your IT team to set up anticipated movement routes and enabling immediate alert triggers should an identity deviate from its usual path.</p><p>The ability to detect unusual behavior can curtail a security breach in its infancy. 
Proactive management of NHIs, therefore, reduces the risk, saves costs, and allows for immediate action.</p><h2>Stay Ahead of the Game with Effective NHI Practices</h2><p>Traditional cybersecurity measures may not be adequate. A <a href="https://entro.security/blog/how-phishing-targets-nhis/" rel="noopener">heightened focus on NHIs</a> will augment your security architecture, further safeguarding your cloud data.</p><p>By incorporating a rigorous and holistic approach to NHI management and secret security, businesses can effectively mitigate risks and optimize security. Firmly integrated NHI management and secret security bring about a revolution in cybersecurity practices, disrupting and reimagining cloud data safety.</p><h2>Evolving with the Changing Cybersecurity Landscape</h2><p>As the future ushers in more sophisticated and stealthier cyber threats, the management and regulation of NHIs and secrets assume paramount importance. The ability to stay ahead in the game, while optimizing NHI practices, will significantly influence an organization’s resilience against cyber threats.</p><p>Despite the rapidly evolving challenges within cybersecurity, education, awareness, and dedication to continued learning will ensure you are well-positioned to safeguard your organization’s cloud data. 
By understanding, embracing, and integrating NHI management into the core of cybersecurity strategies, businesses can thrive, staying protected and, more importantly, staying ahead.</p><p>The post <a href="https://entro.security/keeping-your-cloud-data-safe-with-better-nhi-practices/">Keeping Your Cloud Data Safe with Better NHI Practices</a> appeared first on <a href="https://entro.security/">Entro</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://entro.security/">Entro</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Alison Mack">Alison Mack</a>. Read the original post at: <a href="https://entro.security/keeping-your-cloud-data-safe-with-better-nhi-practices/">https://entro.security/keeping-your-cloud-data-safe-with-better-nhi-practices/</a> </p>

LinuxFest Northwest: Barbie’s Journey – A CI/CD Tale Of Transformation

  • None
  • Published date: 2025-06-23 00:00:00

None

<p></p><center data-preserve-html-node="true">Authors/Presenters: Autumn Nash (Product Manager At Microsoft, Specializing In Linux Security)<br> Kerri-Leigh Grady (Solutions Architect At AWS) <p></p><center data-preserve-html-node="true"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" src="https://www.youtube-nocookie.com/embed/HiuR63nfHbE?si=d8lry5joKCI09FY9" width="560" frameborder="0" data-preserve-html-node="true" title="YouTube video player" height="315"></iframe> <p>Our sincere appreciation to <strong><a href="https://www.linuxfestnorthwest.org/">LinuxFest Northwest</a></strong> (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb <strong><a href="https://www.youtube.com/playlist?list=PLjDc7gDlIASRAcG0cxWYOnNGwFnykUMNZ">LinuxFest Northwest 2025</a></strong> video content. Originating from the conference’s events located at the <strong><a href="https://www.btc.edu/">Bellingham Technical College in Bellingham, Washington</a></strong>; and via the organization’s <strong><a href="https://www.youtube.com/@LinuxFestNorthwest">YouTube</a></strong> channel. 
</p> <p>Thanks and a Tip O’ The Hat to <strong><a href="https://www.verificationlabs.com/trey.html">Verification Labs</a></strong> :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the <strong><a href="https://www.linuxfestnorthwest.org/">LinuxFest Northwest</a></strong> conference.</p> <p></p></center></center><p><a href="https://www.infosecurity.us/blog/2025/6/23/linuxfest-northwest-barbies-journey-a-cicd-tale-of-transformation">Permalink</a></p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/HiuR63nfHbE?si=d8lry5joKCI09FY9">https://www.youtube-nocookie.com/embed/HiuR63nfHbE?si=d8lry5joKCI09FY9</a> </p>

1inch rolls out expanded bug bounties with rewards up to $500K

  • None
  • Published date: 2025-06-23 00:00:00

None

<p><span><strong>DUBAI, United Arab Emirates, June 23rd, 2025, CyberNewsWire</strong></span></p><p></p><ul> <li>Five dedicated bug bounty programs upgraded across 1inch core components, including smart contracts, wallet and infrastructure.</li> <li>A community-first approach to strengthening DeFi security and resilience.</li> </ul><p><a target="_blank" rel="nofollow noopener" href="https://1inch.io/">1inch</a>, the leading DeFi aggregator, has launched an upgraded bug bounty initiative, covering five key areas of its platform, with rewards of up to $500,000. Through this initiative 1inch demonstrates its commitment to maintaining the highest level of security across its smart contracts, wallet, dApp, developer tools and infrastructure.</p><p>As DeFi continues to mature, so does the interdependence and complexity of its protocols – as well as the potential for vulnerabilities that are yet to be discovered. From smart contract exploits to infrastructure-level weaknesses, projects must contend with an ever-widening attack surface. By leveraging the efforts of the global white-hat hacker and security researcher community, 1inch aims to strengthen its architecture and encourage responsible disclosure.</p><p><strong>Community-Driven Security at Scale</strong></p><p>Each of the following bounty programs has a clearly defined scope and multi-tiered rewards to encourage maximum participation and impact:</p><p><strong>Bug bounty program 1: 1inch smart contracts – rewards of up to $500,000</strong></p><p>The 1inch ecosystem is built on interconnected smart contracts that aggregate liquidity from various 
decentralized exchanges to execute optimal token swaps. A detailed explanation of the program and rewards is available <a target="_blank" rel="nofollow noopener" href="https://hackenproof.com/programs/1inch-smart-contract">here</a>.</p><p><strong>Bug bounty program 2: 1inch Wallet – rewards of up to $100,000</strong></p><p>This bounty program is centered on possible vulnerabilities in 1inch Wallet, a multi-chain non-custodial DeFi crypto wallet with an easy interface for secure storage and transactions. A detailed explanation of the program and rewards is available <a target="_blank" rel="nofollow noopener" href="https://hackenproof.com/programs/1inch-wallet">here</a>.</p><p><strong>Bug bounty program 3: 1inch Developer Portal – rewards of up to $100,000</strong></p><p>The focus of this bounty program is the 1inch Developer Portal, a Web3 cloud SaaS (software as a service) platform featuring multiple APIs. A detailed explanation of the program and rewards is available <a target="_blank" rel="nofollow noopener" href="https://hackenproof.com/programs/1inch-devportal">here</a>.</p><p><strong>Bug bounty program 4: 1inch dApp – rewards of up to $50,000</strong></p><p>The 1inch dApp is the No. 1 DeFi aggregator, offering access to the deepest liquidity and the best token swap rates on various DEXes. Its unique features include partial fill and the ability to find the best swap paths across multiple liquidity sources. A detailed explanation of the program and rewards is available <a target="_blank" rel="nofollow noopener" href="https://hackenproof.com/programs/1inch-web">here</a>.</p><p><strong>Bug bounty program 5: 1inch infrastructure – rewards of up to $20,000</strong></p><p>This program focuses on identifying vulnerabilities that impact the 1inch platform’s overall infrastructure, complementing product-specific programs that are described above. 
A detailed explanation of the program and rewards is available <a target="_blank" rel="nofollow noopener" href="https://hackenproof.com/programs/1inch-infrastracture">here</a>.</p><p><strong>Sergej Kunz, Co-founder of 1inch, said</strong> “Through our new bug bounty programs, we invite external experts and white-hats to test the strength of our defenses. Even the most skilled in-house security teams, such as ours, can benefit from fresh perspectives. Better to pay bounties than pay for breaches.”</p><p><strong>About 1inch</strong></p><p><a target="_blank" rel="nofollow noopener" href="https://1inch.io/">1inch</a> accelerates decentralized finance with a seamless crypto trading experience for <a target="_blank" rel="nofollow noopener" href="https://dune.com/1inch/main">23M</a> users. Beyond being the top platform for low-cost, efficient token swaps with <a target="_blank" rel="nofollow noopener" href="https://dune.com/1inch/main">$1B in daily trades</a>, 1inch offers a range of innovative tools, including a secure self-custodial wallet, a portfolio tracker for managing digital assets, a developer portal to build on its cutting-edge technology, and even a debit card for easy crypto spending. By continuously innovating, 1inch is simplifying DeFi for everyone. </p><p><a target="_blank" rel="nofollow noopener" href="https://1inch.io/">Website</a> | <a target="_blank" rel="nofollow noopener" href="https://x.com/1inch">Twitter/X</a> | <a target="_blank" rel="nofollow noopener" href="https://blog.1inch.io">Explore Blog</a></p><p></p><h5>Contact</h5><p><span><strong>PR lead</strong><br></span><span><strong>Pavel Kruglov</strong><br></span><span><strong>1inch Labs</strong><br></span><span><strong>[email protected]</strong><br></span></p>

Randall Munroe’s XKCD ‘Exoplanet System’

  • None
  • Published date: 2025-06-23 00:00:00

None

<figure class=" sqs-block-image-figure intrinsic "> <p> <a class=" sqs-block-image-link " href="https://xkcd.com/3103/"></a></p> <p> <img alt="" src="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/5bf62827-0aa6-49fb-b0aa-b70511c441d2/exoplanet_system.png?format=1000w" width="623" height="447" loading="lazy" decoding="async"></p> <p> <figcaption class="image-caption-wrapper"> <p class="">via the cosmic humor &amp; dry-as-the-desert wit of Randall Munroe, creator of XKCD</p> </figcaption></p></figure><p><a href="https://www.infosecurity.us/blog/2025/6/23/randall-munroes-xkcd-exoplanet-system">Permalink</a></p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://xkcd.com/3103/">https://xkcd.com/3103/</a> </p>