Randall Munroe’s XKCD ‘Interoperability’
via the cosmic humor & dry-as-the-desert wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Interoperability’ appeared first on Security Boulevard.
Align your AI pipelines with OWASP AI Testing principles using GitGuardian’s identity-based insights to monitor, enforce, and audit secrets and token usage.
The post Operationalizing the OWASP AI Testing Guide with GitGuardian: Building Secure AI Foundations Through NHI Governance appeared first on Security Boulevard.
Mend.io now integrates with Cursor to secure AI-generated code in real time
The post Securing AI code at the source: Mend.io now integrates with Cursor AI Code Editor appeared first on Security Boulevard.
With the latest version of PCI DSS, the Payment Card Industry Security Standards Council (PCI SSC) aims to elevate the standards for cardholder data (CHD) security with themes like stronger cryptography, multi-factor authentication, and continuous monitoring across the transaction lifecycle.
The post Is PCI DSS 4.0 Slowing You Down? Here’s How comforte Can Accelerate Your PCI Compliance Journey appeared first on Security Boulevard.
The Perimeter Is Gone – But Your Attack Surface Keeps Growing
Cloud workloads, SaaS apps, edge devices, third-party APIs, and a permanently remote workforce have dissolved the neat network perimeter we once relied on. Traditional firewalls, VPNs, and even best-in-class EDR only cover pieces of the puzzle. Once attackers get any foothold, they can ride flat, […]
The post Microsegmentation: The Must-Have Cyber Defense in 2025 appeared first on ColorTokens.
The post Microsegmentation: The Must-Have Cyber Defense in 2025 appeared first on Security Boulevard.
Security coverage often ends where network visibility drops — inside restricted environments, air-gapped systems, or cloud-isolated virtual networks. Standard external scanners are blind to these zones, creating blind spots that...
The post Managing Strobes Agents for Internal Scanning appeared first on Strobes Security.
The post Managing Strobes Agents for Internal Scanning appeared first on Security Boulevard.
Author/Presenter: Nathaniel Smith (Bellevue College, Baccalaureate Program Undergraduate In Computer Science)
Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organization’s YouTube channel.
Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the LinuxFest Northwest conference.
The post LinuxFest Northwest: My Journey Using Linux From Scratch And Why You Should Try It Too appeared first on Security Boulevard.
From the Desk of Don Leone, Vice President of Sales, Strategic Alliances
There are milestones in the life of a cybersecurity company that speak volumes, not just about where we’ve been, but where we are headed. Today, I’m thrilled to share one of those moments with you: Dispersive Stealth Networking has officially earned the “Deployed on AWS” badge.
This isn’t just a logo to post on our website. This is hard-earned validation from one of the most rigorous cloud ecosystems in the world – Amazon Web Services (AWS). This badge signifies technical excellence, operational maturity, and a rock-solid commitment to delivering secure, scalable solutions to customers, all natively within the AWS Cloud.
Why This Matters
At Dispersive, we’ve been building on AWS from the very beginning. As the cloud has matured and evolved, so have organizations’ needs and requirements, including remote workforces, AI-driven workflows and high-stakes, zero-fail infrastructure. Our architecture, developed in the defense and intelligence community, was designed for this complexity from day one. And now, AWS has formally recognized our commitment.
Why This Matters
The “Deployed on AWS” badge tells our customers and partners a few key things:
This badge isn’t just an award; we see it as a launchpad. It opens new doors for procurement, makes it easier for customers to adopt our technology via the AWS Marketplace, and provides the flexibility enterprise buyers require. Now that Dispersive is an officially deployed AWS partner, customers can:
Our joint customers with AWS now have access to preemptive, stealth-grade security with the convenience of their existing AWS relationship.
Built for Mission-Critical Operations and Next Gen Threats
If I’ve learned one thing in my career, it’s that most security solutions are reactive. And reactive just isn’t going to cut it with quantum threats and gen-AI. Quantum computing, AI-enhanced threat actors, and globally distributed attack surfaces demand more than just another layer of protection. They demand a new approach, one that is not only preemptive, but stealthy, dynamic, and resilient.
This is the approach that Dispersive Stealth Networking takes. We disperse, cloak, and continuously adapt traffic patterns to make communications invisible, untraceable, and inherently resilient. And now, we do all this with the seal of AWS validation behind us.
On AWS, the Dispersive Stealth Networking platform powers:
At its core, our relationship with AWS is about a shared vision. We strive to make world-class security accessible in the cloud, to support customers navigating multi-cloud, hybrid, and edge environments without compromise, and to deliver solutions that scale globally but adapt locally. Working hand in hand with AWS, we are helping organizations achieve high performance and resiliency without compromising their security. From critical infrastructure to intensely regulated industries to AI-focused cloud teams, we are solving complex network problems.
An Invitation to Innovate with Us
As Vice President of Sales, Strategic Alliances at Dispersive, I’ve seen firsthand how transformative this partnership can be, not only for the world’s most demanding enterprises, but for public sector and defense agencies and small businesses alike. This badge is our signal flare. Dispersive is ready to meet you where you are in the AWS cloud and 10x your network performance while ensuring quantum-resistant security.
So, if you're looking for:
I invite you to visit our AWS Marketplace listing or schedule a conversation with our team. Let’s talk about what Dispersive can do for you in the cloud and beyond. Please feel free to reach out to me directly on LinkedIn or [email protected], and let’s build something secure, scalable, and future proof together.
- Don Leone, Vice President of Sales, Strategic Alliances, Dispersive
Header image courtesy of Sergey Gricanov from Pixabay.
The post Dispersive Earns Prestigious “Deployed on AWS” Badge appeared first on Security Boulevard.
We’re staunch believers in the adage:
The post Security Without Guesswork: Calculating and Reducing Residual Risk appeared first on Security Boulevard.
Australian and New Zealand companies are bouncing back from cyberattacks nearly three weeks faster than they did a year ago, according to a new survey commissioned by U.S. data-protection vendor Commvault and published by Reuters. The poll of 408 IT leaders found the typical recovery window has shrunk to 28 days, down from 45 days […]
The post Australia’s 28-Day Cyber Comeback appeared first on Centraleyes.
The post Australia’s 28-Day Cyber Comeback appeared first on Security Boulevard.
Don’t let hidden cloud risks become tomorrow’s headline breach. The time to dismantle the toxic cloud trilogy is now. Here’s how Tenable Cloud Security can help.
In today’s cloud environments, individual misconfigurations or vulnerabilities are dangerous — but it’s their combinations that can lead to catastrophic breaches. The Tenable Cloud Security Risk Report 2025 reveals that nearly 29% of organizations still have at least one toxic cloud trilogy. While this is a reduction from last year, it’s still alarming. These high-risk clusters occur when a single cloud workload is:
This trifecta has the potential to open up a highly exploitable attack path in the cloud.
Breaking down the toxic cloud trilogy
Let’s walk through a real-world example:
This is not a rare edge case. Tenable’s research shows that toxic trilogies are still common, often born from the “get it working fast” mentality during development — and left unremediated in production.
Common challenges behind toxic workloads — and how Tenable Cloud Security can help
1. Critical vulnerabilities in running cloud workloads
Many organizations scan infrastructure-as-code but neglect active cloud workloads, missing CVEs that exist in live environments. In some cases, teams delay mitigation to wait for all patches to be available or lack urgency because they don’t have context into the true risk of the vulnerability.
✅ Tenable Cloud Security advantage:
Misconfigured security groups, open ports or overexposed resources make workloads discoverable and attackable from the internet.
✅ Tenable Cloud Security advantage:
IAM roles are often over-permissioned during development and never scoped down. Overly broad policies are an open invitation to attackers.
✅ Tenable Cloud Security advantage:
Security teams lack a unified view that correlates identity, network and workload risk across hybrid environments.
✅ Tenable One platform integration:
To eliminate toxic workload risk, security teams need more than scanning — they need continuous, contextualized security across the full stack. Tenable’s cloud-native application protection platform (CNAPP) capabilities offer:
Vulnerability management that goes beyond CVSS
A critical CVE on an isolated virtual machine isn’t your biggest risk. But a medium-severity bug on a public-facing container with excessive IAM rights? That’s breach material.
Tenable Cloud Security gives you the visibility to find these toxic combinations fast — and the context to fix them before they’re exploited. Tenable Cloud Security, as part of Tenable One, gives you that kind of visibility across your hybrid cloud.
The post The Toxic Cloud Trilogy: Why Your Workloads Are a Ticking Time Bomb appeared first on Security Boulevard.
The notorious BlueNoroff group from North Korea is using deepfake video and deceptive Zoom calls to steal cryptocurrency by enticing targets to unwittingly download malware onto their macOS devices, allowing the hackers to gain access to them.
The post N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams appeared first on Security Boulevard.
Discover practical strategies security teams can use to investigate suspicious activity across SaaS apps, reduce alert noise, and respond to real threats faster.
The post How to Investigate Suspicious User Activity Across Multiple SaaS Applications appeared first on AppOmni.
The post How to Investigate Suspicious User Activity Across Multiple SaaS Applications appeared first on Security Boulevard.
Here’s the thing about open-source software — it’s a gift. Someone out there wrote code and said, “Here, I’m sharing this code with you. Review it, use it, improve it, create something amazing.” Then pay it forward: publish your code enhancements, share it openly, and invite others to build on your work. Contribute back to the community that helped you, encouraging innovation and growth for everyone involved.
The post SAFE and Trusted: Why the Spectra Assure Community Badge Belongs on Your Open Source Project appeared first on Security Boulevard.
In recent conversations with prospective customers, one request keeps rising to the top: “Can you monitor Snowflake?” At first, it felt like a coincidence. But over multiple engagements, that urgency isn’t random – it reflects a deeper industry concern. Security leaders are increasingly prioritizing Snowflake as a high-risk, high-value SaaS application. And they’re right to.
The breach playbook has changed and Snowflake has already served as a proving ground for modern identity-driven attacks. Snowflake was breached last year by UNC5537, a financially motivated threat group. According to Google Mandiant, this campaign affected roughly 165 customer instances, with attackers leveraging stolen credentials to exfiltrate sensitive data and demand ransom.
Around the same time, the group known as Scattered Spider (also tracked as UNC3944) became notorious for socially engineered help‑desk intrusions: impersonating insiders, gaining access to valid credentials and multifactor reset paths. They then used those credentials to log into SaaS platforms like Okta and AWS, moving freely and quietly, and exfiltrating data undetected. A couple of months ago, Scattered Spider attacked major retailers in the UK and US. And most recently, that same playbook has expanded into the U.S. insurance sector, indicating this isn’t an isolated tactic, it’s the new mainstream.
These are not brute-force breaches. These are post-login campaigns. Once inside, the attackers encounter little resistance. Logging is inconsistent, behavioral monitoring is absent, and access to sensitive data is rarely flagged. The result? Highly scalable, nearly invisible data theft enabled not by technical exploits, but by gaps in post-authentication identity and SaaS monitoring. This shift is hard-hitting, and it’s validated in the Google M-Trends 2025 report: These stats paint a stark reality: attackers aren’t rushing in with exploits, they’re walking through front doors.
Snowflake is a prime target because of the data it holds. It’s the engine behind analytics, finance, customer intelligence, and more. It’s federated through identity providers, widely accessible by technical teams, and often under-monitored once a user is authenticated. In other words, it’s an attacker’s dream…and a detection blind spot.
At Reveal Security, we’ve written extensively about this gap. In “Snowflake and the Continuing Identity Threat Detection Gap”, we laid out why perimeter-based defenses don’t work in SaaS, and why post-authentication behavior monitoring must become a security priority. The reality is this: SaaS identity abuse is the new ransomware. It’s scalable, stealthy, and extremely difficult to detect using traditional tools. And as attackers increasingly use GenAI to impersonate users and automate social engineering, the problem will only get worse.
So what are top-tier security teams doing? Security leaders aren’t just worried about perimeter defenses anymore. They’re focused on identity-driven attacks in data-rich SaaS platforms and Snowflake ranks high on their watch list. At Reveal, we’re helping security teams close the gap in Snowflake and other critical SaaS applications. If this is a growing area of concern for your organization, let’s talk.
– Kevin
The post Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed. appeared first on RevealSecurity.
The post Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed. appeared first on Security Boulevard.
Overview of the current cyber attacks in the Iran-Israel conflict
The geopolitical confrontation between Iran and Israel has a long history. In recent years, the competition between the two countries in the military, nuclear energy and diplomatic fields has been escalating. On June 13, 2025, the IDF launched a large-scale military operation against Iran. […]
The post The Hacktivist Cyber Attacks in the Iran-Israel Conflict appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post The Hacktivist Cyber Attacks in the Iran-Israel Conflict appeared first on Security Boulevard.
Overview
Recently, NSFOCUS CERT detected that Gogs issued a security bulletin and fixed the Gogs remote command execution vulnerability (CVE-2024-56731). Due to the incomplete CVE-2024-39931 fix, an authenticated attacker can delete files in the .git directory through symbolic links and execute arbitrary commands on the Gogs instance using the account permissions specified by RUN_USER in […]
The post Gogs Remote Command Execution Vulnerability (CVE-2024-56731) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post Gogs Remote Command Execution Vulnerability (CVE-2024-56731) appeared first on Security Boulevard.
AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matters. It’s no longer enough to merely patch known flaws; security teams must now [...]
The post Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities appeared first on Wallarm.
The post Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities appeared first on Security Boulevard.
When the RMS Titanic hit an iceberg on 15 April 1912, she set off flares
and her wireless operator sent out a distress call. The RMS Carpathia
responded, but by the time she arrived, the Titanic had already sunk: only
those who had made it to the lifeboats could be saved. Some 1,500 people
died.
Another ship was closer and could potentially have responded faster—perhaps
even fast enough that more lives could have been saved. Yet despite seeing
the flares, she did nothing.
The post Lessons from the Titanic: when you don’t respond to a crisis appeared first on Security Boulevard.
The decision to adopt a purpose-built container operating system (OS) versus maintaining a standard OS across legacy and cloud-native systems depends on your organization’s risk tolerance, compliance requirements, and visibility needs. Below is a structured approach you can take to evaluate the trade-offs and select the right strategy.
The post Is Container OS Insecurity Making Your K8s Infrastructure Less Secure? appeared first on Security Boulevard.