Security Without Guesswork: Calculating and Reducing Residual Risk
We’re staunch believers in the adage:
The post Security Without Guesswork: Calculating and Reducing Residual Risk appeared first on Security Boulevard.
Australian and New Zealand companies are bouncing back from cyberattacks nearly three weeks faster than they did a year ago, according to a new survey commissioned by U.S. data-protection vendor Commvault and published by Reuters. The poll of 408 IT leaders found the typical recovery window has shrunk to 28 days, down from 45 days […]
The post Australia’s 28-Day Cyber Comeback appeared first on Centraleyes.
The post Australia’s 28-Day Cyber Comeback appeared first on Security Boulevard.
Don’t let hidden cloud risks become tomorrow’s headline breach. The time to dismantle the toxic cloud trilogy is now. Here’s how Tenable Cloud Security can help.
In today’s cloud environments, individual misconfigurations or vulnerabilities are dangerous — but it’s their combinations that can lead to catastrophic breaches. The Tenable Cloud Security Risk Report 2025 reveals that nearly 29% of organizations still have at least one toxic cloud trilogy. While this is a reduction from last year, it’s still alarming. These high-risk clusters occur when a single cloud workload is:
This trifecta has the potential to open up a highly exploitable attack path in the cloud.
Breaking down the toxic cloud trilogy
Let’s walk through a real-world example:
This is not a rare edge case. Tenable’s research shows that toxic trilogies are still common, often born from the “get it working fast” mentality during development — and left unremediated in production.
Common challenges behind toxic workloads — and how Tenable Cloud Security can help
1. Critical vulnerabilities in running cloud workloads
Many organizations scan infrastructure-as-code but neglect active cloud workloads, missing CVEs that exist in live environments. In some cases, teams delay mitigation to wait for all patches to be available, or lack urgency because they don’t have context into the true risk of the vulnerability.
✅ Tenable Cloud Security advantage:
Misconfigured security groups, open ports or overexposed resources make workloads discoverable and attackable from the internet.
✅ Tenable Cloud Security advantage:
IAM roles are often over-permissioned during development and never scoped down. Overly broad policies are an open invitation to attackers.
✅ Tenable Cloud Security advantage:
Security teams lack a unified view that correlates identity, network and workload risk across hybrid environments.
✅ Tenable One platform integration:
To eliminate toxic workload risk, security teams need more than scanning — they need continuous, contextualized security across the full stack. Tenable’s cloud-native application protection platform (CNAPP) capabilities offer:
Vulnerability management that goes beyond CVSS
A critical CVE on an isolated virtual machine isn’t your biggest risk. But a medium-severity bug on a public-facing container with excessive IAM rights? That’s breach material.
Tenable Cloud Security gives you the visibility to find these toxic combinations fast — and the context to fix them before they’re exploited. Tenable Cloud Security, as part of Tenable One, gives you that kind of visibility across your hybrid cloud.
The post The Toxic Cloud Trilogy: Why Your Workloads Are a Ticking Time Bomb appeared first on Security Boulevard.
The notorious BlueNoroff group from North Korea is using deepfake video and deceptive Zoom calls to steal cryptocurrency by enticing targets to unwittingly download malware onto their macOS devices, giving the hackers access to those machines.
The post N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams appeared first on Security Boulevard.
Discover practical strategies security teams can use to investigate suspicious activity across SaaS apps, reduce alert noise, and respond to real threats faster.
The post How to Investigate Suspicious User Activity Across Multiple SaaS Applications appeared first on AppOmni.
The post How to Investigate Suspicious User Activity Across Multiple SaaS Applications appeared first on Security Boulevard.
Here’s the thing about open-source software — it’s a gift. Someone out there wrote code and said, “Here, I’m sharing this code with you. Review it, use it, improve it, create something amazing.” Then pay it forward: publish your code enhancements, share it openly, and invite others to build on your work. Contribute back to the community that helped you, encouraging innovation and growth for everyone involved.
The post SAFE and Trusted: Why the Spectra Assure Community Badge Belongs on Your Open Source Project appeared first on Security Boulevard.
In recent conversations with prospective customers, one request keeps rising to the top: “Can you monitor Snowflake?” At first, it felt like a coincidence. But over multiple engagements, that urgency isn’t random – it reflects a deeper industry concern. Security leaders are increasingly prioritizing Snowflake as a high-risk, high-value SaaS application. And they’re right to.
The breach playbook has changed and Snowflake has already served as a proving ground for modern identity-driven attacks. Snowflake was breached last year by UNC5537, a financially motivated threat group. According to Google Mandiant, this campaign affected roughly 165 customer instances, with attackers leveraging stolen credentials to exfiltrate sensitive data and demand ransom. Around the same time, the group known as Scattered Spider (also tracked as UNC3944) became notorious for socially engineered help‑desk intrusions: impersonating insiders, gaining access to valid credentials and multifactor reset paths. They then used those credentials to log into SaaS platforms like Okta and AWS, moving freely and quietly, and exfiltrating data undetected. A couple of months ago, Scattered Spider attacked major retailers in the UK and US. And most recently, that same playbook has expanded into the U.S. insurance sector, indicating this isn’t an isolated tactic, it’s the new mainstream.
These are not brute-force breaches. These are post-login campaigns. Once inside, the attackers encounter little resistance. Logging is inconsistent, behavioral monitoring is absent, and access to sensitive data is rarely flagged. The result? Highly scalable, nearly invisible data theft enabled not by technical exploits, but by gaps in post-authentication identity and SaaS monitoring. This shift is hard-hitting, and it’s validated in the Google M-Trends 2025 report: These stats paint a stark reality: attackers aren’t rushing in with exploits, they’re walking through front doors.
Snowflake is a prime target because of the data it holds. It’s the engine behind analytics, finance, customer intelligence, and more. It’s federated through identity providers, widely accessible by technical teams, and often under-monitored once a user is authenticated. In other words, it’s an attacker’s dream…and a detection blind spot.
At Reveal Security, we’ve written extensively about this gap. In “Snowflake and the Continuing Identity Threat Detection Gap”, we laid out why perimeter-based defenses don’t work in SaaS, and why post-authentication behavior monitoring must become a security priority. The reality is this: SaaS identity abuse is the new ransomware. It’s scalable, stealthy, and extremely difficult to detect using traditional tools. And as attackers increasingly use GenAI to impersonate users and automate social engineering, the problem will only get worse.
So what are top-tier security teams doing? Security leaders aren’t just worried about perimeter defenses anymore. They’re focused on identity-driven attacks in data-rich SaaS platforms, and Snowflake ranks high on their watch list. At Reveal, we’re helping security teams close the gap in Snowflake and other critical SaaS applications. If this is a growing area of concern for your organization, let’s talk. – Kevin
The post Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed. appeared first on RevealSecurity.
The post Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed. appeared first on Security Boulevard.
Overview of the current cyber attacks in the Iran-Israel conflict
The geopolitical confrontation between Iran and Israel has a long history. In recent years, competition between the two countries in the military, nuclear energy and diplomatic fields has been escalating. On June 13, 2025, the IDF launched a large-scale military operation against Iran. […]
The post The Hacktivist Cyber Attacks in the Iran-Israel Conflict appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post The Hacktivist Cyber Attacks in the Iran-Israel Conflict appeared first on Security Boulevard.
Overview
Recently, NSFOCUS CERT detected that Gogs issued a security bulletin and fixed the Gogs remote command execution vulnerability (CVE-2024-56731). Because the fix for CVE-2024-39931 was incomplete, an authenticated attacker can delete files in the .git directory through symbolic links and execute arbitrary commands on the Gogs instance with the account permissions specified by RUN_USER in […]
The post Gogs Remote Command Execution Vulnerability (CVE-2024-56731) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post Gogs Remote Command Execution Vulnerability (CVE-2024-56731) appeared first on Security Boulevard.
AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matters. It’s no longer enough to merely patch known flaws; security teams must now [...]
The post Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities appeared first on Wallarm.
The post Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities appeared first on Security Boulevard.
When the RMS Titanic hit an iceberg on 15 April 1912, she set off flares and her wireless operator sent out a distress call. The RMS Carpathia responded, but by the time she arrived, the Titanic had already sunk: only those who had made it to the lifeboats could be saved. Some 1,500 people died.
Another ship was closer and could potentially have responded faster—perhaps even fast enough that more lives could have been saved. Yet despite seeing the flares, she did nothing.
The post Lessons from the Titanic: when you don’t respond to a crisis appeared first on Security Boulevard.
The decision to adopt a purpose-built container operating system (OS) versus maintaining a standard OS across legacy and cloud-native systems depends on your organization’s risk tolerance, compliance requirements, and visibility needs. Below is a structured approach you can take to evaluate the trade-offs and select the right strategy.
The post Is Container OS Insecurity Making Your K8s Infrastructure Less Secure? appeared first on Security Boulevard.
A coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups, has made a disgraceful appeal to the SEC to eliminate the rule requiring public disclosure of material cybersecurity incidents within four days of detection.
This rule was established to ensure shareholders are properly informed and potential victims receive timely notice so they can take protective action, which wasn’t happening consistently before the rule took effect.
The lobbyists have cobbled together six supposed reasons for their request. Let’s be clear: they’re all bogus. Let’s break them down.
1. It conflicts with confidential reporting requirements designed to protect critical infrastructure and warn potential victims, thus compromising coordinated national cybersecurity efforts.
Absolutely not. A brief, non-sensitive summary submitted via an 8-K form does not endanger critical infrastructure. It allows investors to disinvest if they so choose without being at a disadvantage. Notifying victims does not “compromise” security, it enhances their ability to protect themselves.
2. It interferes with incident response and law enforcement investigations.
Wrong again. Reporting is separate from investigations. The attacker already knows the breach occurred. The bank knows. The only ones being kept in the dark are shareholders and the public.
3. It creates market confusion as companies struggle to distinguish between mandatory and voluntary disclosures.
This is just disingenuous. The rule is straightforward: if you’re a public company and you determine a breach is material, you must report it to the SEC within four days. That’s neither complex nor ambiguous.
4. Disclosures have been weaponized by ransomware actors to further malicious objectives and may increase cybersecurity threats.
They cited one case where an attacker informed the SEC that a company failed to disclose a breach within the 4-day window. First, the rule hadn’t taken effect at the time. Second, the lobbyist’s argument essentially boils down to: “If we break the rules, attackers might tell on us.” That’s not extortion, it’s accountability. If you’re worried about attackers pointing out regulatory violations, the solution isn’t to remove the rule. It’s to follow it.
5. Premature disclosures could have negative implications for insurance and liability, exacerbating financial and operational harm.
This one’s pure speculation. The 8-K notice is just a starting point. The facts unfold over time, and insurers evaluate the situation based on confirmed details, not the initial disclosure.
6. Public disclosure could chill candid internal communication and routine information sharing.
That’s laughable. In reality, it’s the desire to keep things quiet that stifles internal communication. Many companies try to limit awareness to as few people as possible. Disclosure forces communication — internally and externally — which is precisely what’s needed during a material incident.
Let’s be honest: the real reason for this lobbying effort is clear. The banking industry wants the ability to delay, spin-control the message to manage the investor fallout, or outright hide cybersecurity incidents from investors and the public. They are doing it for themselves, not for the best interests of investors or potential victims.
The four-day requirement ensures companies act quickly, allocate resources for investigation, and avoid the risk of insider trading where a select few know about a material event before shareholders do. That risk has already materialized in the past — executives and even CISOs have faced charges for trading on undisclosed breach information. The rule exists to prevent exactly that kind of abuse.
And let’s not forget the victims. Timely disclosure allows individuals and organizations to take defensive measures, mitigate harm, and reassess their trust in the affected institution.
In the year and a half since this rule went into effect, we haven’t seen any meaningful harm arise from this disclosure rule. Quite the opposite. It has increased market fairness, transparency, and accountability.
The lobbyist’s position is nothing short of shameful. They’re putting forward weak, recycled arguments in the hopes of shielding their industry from public scrutiny, narrative damage, and financial consequences. This is an effort to maintain secrecy, avoid accountability, and reduce the pressure to invest in proper cybersecurity practices.
Business leaders and cybersecurity professionals should see this for what it is: a shady move to protect image and profits at the expense of transparency, fairness, security, and public trust.
My article was originally posted on HelpNetSecurity https://www.helpnetsecurity.com/2025/06/03/bankers-association-attack-on-cybersecurity-transparency/
The post Bankers Association’s Attack on Cybersecurity Transparency appeared first on Security Boulevard.
Author/Presenter: Joe Ryan (High Performance Computing Systems Engineer, Institute for Cyber Enabled Research (ICER) at Michigan State University)
Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington, and published via the organization’s YouTube channel.
Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as a speaker at the LinuxFest Northwest conference.
The post LinuxFest Northwest: Operating System Upgrades In A High Performance Computing Environment appeared first on Security Boulevard.
In the evolving landscape of cyber threats, security teams often find themselves overwhelmed. They are constantly battling an unrelenting barrage of incidents with limited resources. Traditional automation falls short. The dynamic and unpredictable nature of modern attacks keeps threat actors one step ahead of defenders. This is where Microsoft Security Copilot steps in. It’s not..
The post The Era of Agentic Security with Microsoft Security Copilot appeared first on Security Boulevard.
In March 2024, Veeam, a leader in data protection, made a strategic move that significantly improved its stance on ransomware: the acquisition of Coveware. This wasn’t just another corporate acquisition. It was a deep integration of specialized expertise and cutting-edge technology, transforming Veeam from a backup and recovery solution moving into the security space into..
The post Beyond Backup: How Coveware is Revolutionizing Veeam’s Ransomware Defense appeared first on Security Boulevard.
Product-market fit is every startup’s holy grail, but getting there often feels like a costly game of trial and error. While founders hustle to validate...
The post How a Fractional CTO Can Help You Nail Product Market Fit (Without Burning Budget) appeared first on ISHIR | Software Development India.
The post How a Fractional CTO Can Help You Nail Product Market Fit (Without Burning Budget) appeared first on Security Boulevard.
Now millions of developers can easily and effectively protect high-value app flows like login and checkout from bot-driven fraud, without CAPTCHAs
The post Kasada and Vercel Launch BotID: Invisible Bot Protection, Built for Developers appeared first on Security Boulevard.
Follow this hands-on walkthrough to create a GitHub App, generate installation tokens, and swap fragile PATs out of your workflows.
The post Replacing a GitHub Personal Access Token With a GitHub Application appeared first on Aembit.
The post Replacing a GitHub Personal Access Token With a GitHub Application appeared first on Security Boulevard.
We're excited to partner with Vercel to launch a seamless, CAPTCHA-free bot protection to stop modern threats and preserve the user experience.
The post The Best CAPTCHA is No CAPTCHA: Introducing Vercel BotID, Powered by Kasada appeared first on Security Boulevard.