Rising threat and forecast for 2023 is claimed to be data poisoning, which interestingly enough will impact «AI» -based decisions. AI is still just machine-learning making shit out, on shit in…
There are many AI artwork generators out there. The methods vary, but I find those “text to image” quite fun. Check the methods and a selection of tools presented by Nightcafe, create one yourself.
“Houses of doom”
“A castle where dogs can play”
A brief but nice summary of pain points we have all experienced?
- Insufficient staff skills
- Data loss/leakage
- API vulnerabilities
- Malware infections
- Insufficient identity and access management controls
- Lack of visibility into what data and workloads are within cloud applications
- Inability to monitor data in transit to and from cloud applications
- Cloud applications being provisioned outside of IT visibility (e.g., shadow IT)
- Inability to prevent malicious insider theft or misuse of data
- Advanced threats and attacks against the cloud application provider
- Inability to assess the security of the cloud application provider’s operations
- Vendors failing to alert customers of vulnerabilities
- Inability to maintain regulatory compliance
- Misconfigurations of cloud hardware and/or cloud software
It is not breaking news, but «amen», Archie!
If you have ever wondered, these are my measurements of the Taycan Sedan Trunk and Frunk
Prusa has made a thingiverse competitor(?), https://www.printables.com/
«The cloud-native ecosystem typically has the four C’s of cloud security: cloud, clusters, containers and code. Each layer builds on the next and insecurities at any layer can impact the layers that follow, such as applications deployed on insecure containers.» Csoonline sais.
Scan them with, e.g., Open-source options such as Anchore and Trivvy during or before deployment.
Reducing export to many countries, not Norway.
NotSoSecure have made this wiki for cloud security, with tools and methods for how to research and develop knowledge in this topic. I find it quite useful when browsing various cloud security research blogs they refer to, tools and methods. E.g., for AWS a lot of defensive and offensive tools are listed such as ScoutSuite in which I have great experience with.
Minimum Viable Security Product has a baseline requirements list for B2B software and products thats worth checking out. It is founded on the same principle as most frameworks, e.g., as the CIS critical security controls, by “prioritizing security functions that are effective”.