The security in smartphones is helping send them to landfills

Billions of working smartphones reach the end of their service lives each year and move into drawers, recycling streams, and waste piles. The WEEE Forum estimated that 5.3 billion mobile phones became electronic waste in 2022. Many of these devices sti… Continue reading The security in smartphones is helping send them to landfills

NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure

BlueRock has issued the latest open-source release of its NOVA Microhypervisor with DMA remapping support for AMD platforms that have IOMMU hardware virtualization. The capability is enabled by default and extends hardware-level isolation across virtua… Continue reading NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure

Treating AI agents like service accounts for federated query security

In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions… Continue reading Treating AI agents like service accounts for federated query security

DockSec: Open-source AI-powered Docker security scanner

DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the Python tool runs Trivy, Hadolint, and Docker Scout against a developer&#8217… Continue reading DockSec: Open-source AI-powered Docker security scanner

Thieves can pull off keyless car theft in under a minute and here’s how to stop them

A keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough. No broken glass. No alarm. No sound. Most keyless cars remain vulnerable The vulnerabili… Continue reading Thieves can pull off keyless car theft in under a minute and here’s how to stop them

OAuth marketplace apps keep access after publishers vanish

Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI workflows, organization settings, and secrets. Marketplace presence gives these apps … Continue reading OAuth marketplace apps keep access after publishers vanish

Spotless compliance evidence can still hide a broken control

In this interview with Help Net Security, Marc Rubbinaccio, Head of Cybersecurity and Compliance at Secureframe, explains where security teams go wrong when preparing for CMMC and FedRAMP 20x. The conversation covers how organizations check the 110 req… Continue reading Spotless compliance evidence can still hide a broken control

Only 11% of production agents pass the AI agent security bar

Enterprise teams are running AI agents that write code, drive browsers, answer customer calls, manage cloud infrastructure, and query data warehouses with standing credentials. A new independent assessment of 100 production agents finds that nearly all… Continue reading Only 11% of production agents pass the AI agent security bar