Tag: best practices
-
Schneier on Security: Biden Signs New Cybersecurity Order
Source URL: https://www.schneier.com/blog/archives/2025/01/biden-signs-new-cybersecurity-order.html Source: Schneier on Security Title: Biden Signs New Cybersecurity Order Feedly Summary: President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide. Some details: The core of the executive order is an array of mandates…
-
Simon Willison’s Weblog: Lessons From Red Teaming 100 Generative AI Products
Source URL: https://simonwillison.net/2025/Jan/18/lessons-from-red-teaming/ Source: Simon Willison’s Weblog Title: Lessons From Red Teaming 100 Generative AI Products Feedly Summary: Lessons From Red Teaming 100 Generative AI Products New paper from Microsoft describing their top eight lessons learned red teaming (deliberately seeking security vulnerabilities in) 100 different generative AI models and products over the past few years.…
-
Hacker News: Fun with Timing Attacks
Source URL: https://ostro.ws/post-timing-attacks Source: Hacker News Title: Fun with Timing Attacks Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides an in-depth examination of a potential vulnerability within a simple JavaScript function used to compare user input against a secret value. It emphasizes how timing attacks can exploit non-constant-time comparison functions like…
-
The Register: Fortinet: FortiGate config leaks are genuine but misleading
Source URL: https://www.theregister.com/2025/01/17/fortinet_fortigate_config_leaks/ Source: The Register Title: Fortinet: FortiGate config leaks are genuine but misleading Feedly Summary: Competition hots up with Ivanti over who can have the worst start to a year Fortinet has confirmed that previous analyses of records leaked by the Belsen Group are indeed genuine FortiGate configs stolen during a zero-day raid…
-
Alerts: CISA and FBI Release Updated Guidance on Product Security Bad Practices
Source URL: https://www.cisa.gov/news-events/alerts/2025/01/17/cisa-and-fbi-release-updated-guidance-product-security-bad-practices Source: Alerts Title: CISA and FBI Release Updated Guidance on Product Security Bad Practices Feedly Summary: In partnership with the Federal Bureau of Investigation (FBI), CISA released an update to joint guidance Product Security Bad Practices in furtherance of CISA’s Secure by Design initiative. This updated guidance incorporates public comments CISA received…
-
Cloud Blog: Cloud CISO Perspectives: Talk cyber in business terms to win allies
Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-talk-cyber-in-business-terms-to-win-allies/ Source: Cloud Blog Title: Cloud CISO Perspectives: Talk cyber in business terms to win allies Feedly Summary: Welcome to the first Cloud CISO Perspectives for January 2025. We’re starting off the year at the top with boards of directors, and how talking about cybersecurity in business terms can help us better convey…
-
CSA: AI and Compliance for the Mid-Market
Source URL: https://www.scrut.io/post/ai-and-compliance-for-the-mid-market Source: CSA Title: AI and Compliance for the Mid-Market Feedly Summary: AI Summary and Description: Yes **Summary:** The text emphasizes the urgent need for small and medium-sized businesses (SMBs) to adopt AI responsibly, given the potential cybersecurity vulnerabilities and evolving regulatory landscape associated with AI technologies. It outlines practical guidance and standards…
-
Chip Huyen: Common pitfalls when building generative AI applications
Source URL: https://huyenchip.com//2025/01/16/ai-engineering-pitfalls.html Source: Chip Huyen Title: Common pitfalls when building generative AI applications Feedly Summary: As we’re still in the early days of building applications with foundation models, it’s normal to make mistakes. This is a quick note with examples of some of the most common pitfalls that I’ve seen, both from public case…