Attack technique alert: Vulcan Cyber discovered that AI package hallucination opens developers to malicious attacks | Learn more >>

OWASP top 10 LLM risks: Discover the OWASP top 10 LLM risks for 2023 and the steps we can take to prevent them | Read more >>

CVE-2023-32784 in KeePass: How to fix the KeePass password manager vulnerability | Read more >>

GCP security simplified: a beginner’s guide

While cloud helps accelerate business growth through its many benefits, such as massive scalability and agility, it also brings with it new security challenges. Cloud deployments can be quite complex in nature and are susceptible to cyber attacks and data breaches if the right security guardrails are not in place. In Google Cloud, what is… Continue reading GCP security simplified: a beginner’s guide

The AWS security cheat sheet

Like the other Big 3 CSPs, AWS follows a shared responsibility model and offers security guardrails to protect the platform and the underlying hardware. Nonetheless, AWS customers are expected to implement native or third-party security measures in order to keep their cloud workloads secure. Which security measures you’ll need to implement will depend on the… Continue reading The AWS security cheat sheet

Patch management mastery: 8 essential best practices for better security

Patch management—the process businesses use to apply fixes or patches to software—sounds straightforward. But in reality, it’s a complex and high-stakes task, especially in a production environment. Complicating factors include the volume of patches, the prioritization of patches, and the choice of when to patch. Streamlining the process with patch management best practices reduces risks… Continue reading Patch management mastery: 8 essential best practices for better security

Security testing 101

In the current threat landscape, cyberattacks have become the norm. According to Accenture’s “State of Cybersecurity Resilience 2021” report, there was a 31% increase in attacks per company, 206 to 270 year over year, from 2020 to 2021. In the first few months of 2022, the notorious digital extortion group Lapsus$ went on a hacking… Continue reading Security testing 101

8 common cloud misconfiguration types (and how to avoid them)

Cloud misconfiguration refers to any errors, glitches, or gaps in the cloud environment that could pose a risk to valuable information and assets. It occurs when the cloud-based system is not correctly configured by the organization, leading to cyber exposures, security breaches, insider threats, or external hackers. These cloud-threat actors exploit vulnerabilities to gain access… Continue reading 8 common cloud misconfiguration types (and how to avoid them)

Secure coding practices: the developer’s guide to security

Cyber risk is a major concern in any modern organization, with cyberattacks affecting even the biggest tech companies. Teams need to be better equipped to counter that risk and need to pull together in the direction of reducing it. For developers, that means secure coding – working from the outset to apply cyber security best… Continue reading Secure coding practices: the developer’s guide to security

Prioritizing cloud security threats: what you need to know

As enterprises across the globe continue to leverage cloud technologies in order to improve business efficiency, cloud service providers (CSPs) looking to gain a competitive edge are expanding their offerings to meet this demand. In order to keep up with the market and ever-changing customer requirements, CSPs must accelerate their development efforts. But in many… Continue reading Prioritizing cloud security threats: what you need to know

How to integrate risk-based security with your cloud-native infrastructure

Cloud-native infrastructures take advantage of all cloud computing has to offer: distributed architecture, scalability, flexibility, and the ability to abstract multiple layers of infrastructure—allowing it to be defined in code. Relying on automation, this code-based configuration approach offers numerous benefits: easy-to-manage infrastructure; ability to turn features on and off as needed; greater accuracy; improved speed… Continue reading How to integrate risk-based security with your cloud-native infrastructure

How to reduce security debt – part 2

In our last blog, we covered security tech debt, how it happens, and how to reduce it. Here, we’ll go into how you and your organization can remain on top of your tech debt, improve cyber hygiene and ultimately mitigate your risk. What to do once you’ve paid your security tech debt: Once your security… Continue reading How to reduce security debt – part 2

How to reduce security debt – part 1

In the world of software development, “tech debt” refers to accrued costs and long-term consequences of prioritizing speed over software quality. This can involve taking shortcuts by using poor coding techniques, ignoring outdated modules, or using software architecture that doesn’t meet industry standards. This, however, creates additional work later on (maintaining the software, upgrading the… Continue reading How to reduce security debt – part 1