Security Boulevard

Is Your NHI Lifecycle Management Really Satisfying Your Security Needs? I invite you to ponder this question: Is your Non-Human Identity Lifecycle Management (NHI) really delivering the security outcomes you desire? NHIs, or machine identities, play a crucial role. Think of them as digital “tourists” traversing your system, complete with their unique passports (secrets) and […]

The post Satisfied with Your NHI Lifecycle Management? appeared first on Entro.

The post Satisfied with Your NHI Lifecycle Management? appeared first on Security Boulevard.

We’re looking at how DMARC adoption is shaping the email security landscape of colleges and universities in North America.

The post DMARC Adoption in U.S. and Canada Higher Education Sector appeared first on Security Boulevard.

As organizations increasingly adopt cloud-native technologies, securing Kubernetes infrastructure has become more important than ever. Cloud-native security encompasses practices and tools designed specifically to protect applications, data, and infrastructure in today’s ephemeral, distributed cloud environments. By aligning cloud native security practices with regulatory requirements, you can better ensure compliance, which is critical for organizations operating in industries such as finance and healthcare.

The post Cloud Native Security: How to Protect Your Kubernetes Infrastructure appeared first on Security Boulevard.

Authors/Presenters: Kris Rides, Silvia Lemos, Ricki Burke, Kirsten Renner

Our sincere appreciation to [BSidesLV][1], and the Presenters/Authors for publishing their erudite [Security BSidesLV24][2] content. Originating from the conference’s events located at the [Tuscany Suites & Casino][3]; and via the organizations [YouTube][4] channel.

Permalink

The post BSidesLV24 – HireGround – What Goes Bump in the Night? Recruiter Panel About Job Search and Other Scary Things appeared first on Security Boulevard.

Hunters International, the RaaS group that some believe evolved from Hive, appears to be rebranding and shifting operations, moving away from an unprofitable and risky ransomware business and focusing solely on exfiltrating data and extorting victims, say Group-IB researchers.

The post Hunters International Dumps Ransomware, Goes Full-on Extortion appeared first on Security Boulevard.

If you’re part of the defense industrial base and you’re seeking CMMC certification, there’s a very good chance you’re aiming for Level 2. Level 1 is mostly meant for businesses with a focus on federal contract information but not CUI, while Level 3 is meant for businesses handling the most sensitive kinds of CUI; since […]

The post CMMC Level 2 Documentation: What Auditors Want to See appeared first on Security Boulevard.

Microsoft’s approach offers a compelling opportunity to secure AI, leverage AI-driven security tools and establish a self-reinforcing ecosystem where AI agents effectively collaborate within defined organizational boundaries

The post AI Security Got Complicated Fast. Here’s How Microsoft is Simplifying It appeared first on Security Boulevard.

Classic “wordplay:” Larry’s PR angels desperately dance on the head of a pin.

The post Oracle Hack: From ‘Deny-Deny-Deny’ to ‘Oops-Oops-Oops’ appeared first on Security Boulevard.

Introducing Impart + Cursor: Truly Autonomous Application Protection Runtime Security Without the Babysitting

Security teams can now define application protection policies declaratively in Impart — with Cursor's agent executing them safely and autonomously, eliminating the need for tedious clickops.

Why This Matters

Application protection has traditionally been a necessary burden. Security engineers find themselves trapped in a cycle of managing brittle regex rules, wrestling with unwieldy WAF interfaces, and constantly troubleshooting policy misconfigurations that disrupt production.

This manual toil isn't just frustrating — it's a significant business risk that drains resources and creates vulnerabilities.

Our integration with Cursor transforms this landscape by offering declarative security policies that are autonomously executed at runtime, freeing your team to focus on strategic security initiatives rather than repetitive maintenance.

‍

Why Now Is the Time

Security teams are increasingly strained, trying to secure complex, rapidly evolving application stacks while facing:

• 61% of security teams reporting WAF configuration as one of their most significant time drains, according to a 2023 Ponemon Institute study on application security practices¹
• 78% of production incidents related to application protection stemming from human error or misconfigured rules, as reported in Verizon's 2024 Data Breach Investigations Report²
• 92% of teams exploring AI or agentic workflows to enhance velocity without compromising security, based on Gartner's 2024 Security & Risk Management Survey³

Impart + Cursor Agent delivers the solution these teams desperately need.

What Sets This Integration Apart

In a market saturated with automated and agentic detection tools, Impart stands alone as a comprehensive solution for automated and agentic application protection.

Impart + Cursor provides:

• ✍️ Rules-as-code DSL — human-readable, composable, and fully declarative
• 🧠 Runtime agentic execution — Cursor intelligently translates policy into action
• 🧪 Pre-deployment simulation — comprehensive testing before production deployment
• 🔒 Memory + state-aware logic — contextual rules that understand history
• 📝 Auditability by design — transparent, team-readable policies that simplify compliance

This isn't just detection and visibility — it's real time protection that operates independently in production environments.

What We've Released

With this integration, you can now:

• Create and manage sophisticated application protection policies directly within Impart
• Leverage Cursor's agent to enforce those policies autonomously at runtime
• Simulate policy behavior before deployment to ensure reliability
• Eliminate clickops, brittle regex patterns, and security guesswork

Security engineers now have the power to move quickly, maintain robust security, and escape the chaos of manual WAF operations once and for all.

Get Started Today

Ready to experience what truly agentic application protection looks like?

👉 Book a demo

Say goodbye to clickops. Say hello to autonomous protection.

‍

‍

The post Design, implement, and deploy application protection policies with Cursor Agent | Impart Security appeared first on Security Boulevard.

CISA, the FBI, and NSA issued an advisory about the national security threat posed by "fast flux," a technique used by threat actors to evade detection of their C2 infrastructures that has been around for two decades but has seen a resurgence in use by ransomware gangs and nation-state bad actors.

The post Longtime ‘Fast Flux’ Evasion Technique Now a National Security Threat appeared first on Security Boulevard.

Check out the security controls that SANS Institute says are essential for protecting your AI systems. Plus, the U.K. NCSC urges organizations to adopt newer API security techniques. In addition, CISA and other cyber agencies warn that attackers are using “fast flux” techniques to conceal their actions. And much more!

Dive into five things that are top of mind for the week ending April 4.

1 - SANS: Six critical controls for securing AI systems

How do you protect the growing number of artificial intelligence (AI) systems your organization is gleefully deploying to improve business operations?

That’s a critical question cybersecurity teams grapple with every day. In an effort to help bring clarity to this issue, SANS Institute this week published draft guidelines for AI system security.

The “SANS Draft Critical AI Security Guidelines v1.1” document outlines these six key security control categories for mitigating AI systems' cyber risks.

• Access controls methods, including:
  • Least privilege, for ensuring that users, APIs and systems have the minimum-necessary access to AI systems
  • Zero trust, for vetting all interactions with AI models
  • API monitoring, for flagging potentially malicious API usage
• Protections for AI operational and training data, including:
  • Data integrity of AI models
  • Prevention of tampering with AI prompts 
• Secure deployment decisions, including:
  • On-premises versus cloud, based on criteria like performance expectations and regulatory requirements
  • Development environments integrated with large language models (LLMs) that don't expose secrets, such as API keys and algorithms

 

 

• Inference security for preventing malicious input attacks, including:
  • Adoption of response policies for AI outputs
  • Prompt filtering and validations for mitigating prompt injection attacks
• Continuous monitoring of AI models, including:
  • Refusal of inappropriate queries
  • Detection of unauthorized model changes
  • Logging of prompts and outputs
• Governance, risk and compliance for complying with data protection and privacy regulations, including:
  • Adoption of AI risk management frameworks
  • Maintaining an AI bill of materials to track AI supply chain dependencies
  • Use of model registries to track AI model lifecycles

“By prioritizing security and compliance, organizations can ensure their AI-driven innovations remain effective and safe in this complex, ever-evolving landscape,” the document reads.

In addition to the six critical security controls, SANS also offers advice for deploying AI models, recommending that organizations do it gradually and incrementally, starting with non-critical systems; that they establish a central AI governance board; and that they draft an AI incident response plan.

For more information about securing AI systems against cyberattacks, check out these Tenable resources:

• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood” (blog)
• “Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources” (blog)
• “Who's Afraid of AI Risk in Cloud Environments?” (blog)
•  “Tenable Cloud AI Risk Report 2025” (research report)
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach” (blog)

2 - NCSC: Obsolete API security is a gift for cyber attackers

Organizations must update their methods for securing their application programming interfaces (APIs), including by using stronger authentication.

So said the U.K. National Cyber Security Centre (NCSC) this week in a new guidance document titled “Securing HTTP-based APIs,” published in the wake of several high-profile API breaches.

“Strengthening API security should not simply be seen as a protective measure; it can also enable organisations to enhance agility, simplicity and productivity,” reads a companion NCSC blog titled “New guidance on securing HTTP-based APIs.”

Unfortunately, many organizations rely on outdated API-security practices, including:

• Use of basic authentication
• Lack of rate-limiting and user-throttling capabilities
• Unprotected endpoints
• Code-stored credentials
• Use of URLs to transmit sensitive data
• Lax input validation
• Unencrypted API traffic via HTTPs
• Weak logging and monitoring

 

NCSC offers detailed recommendations to boost the security of your HTTP-based APIs in areas including:

• Development practices
• Authentication and authorization
• Protection of in-transit data
• Input validation
• Denial-of-service attack mitigation
• Logging and monitoring
• Exposure limitation

For example, NCSC recommends adopting strong authentication frameworks like OAuth 2.0 or token-based authentication. It also suggests doing a threat modeling analysis of your API design.

Another recommendation is to develop APIs’ applications in a secure development and delivery environment; and to use secure standards, such as JSON for data exchange and TLS cryptography for in-transit data.

For more information about API security:

• “OWASP API Security Project” (OWASP)
• “13 API security best practices to protect your business” (TechTarget)
• “4 Main API Security Risks Organizations Need to Address” (Dark Reading)
• “API security maturity model to assess API security posture” (TechTarget)
• “99% of Organizations Report API-Related Security Issues” (Infosecurity Magazine)

3 - Alert: Attackers using “fast flux” technique to hide their tracks

Cyber attackers are leveraging a technique called “fast flux” to evade detection and conceal their actions, so critical infrastructure organizations, internet service providers and governments must prioritize addressing this critical threat.

The warning comes via a joint cybersecurity advisory issued this week by the governments of Australia, Canada, New Zealand and the U.S.

“Fast flux represents a persistent threat to network security, leveraging rapidly changing infrastructure to obfuscate malicious activity,” reads the advisory, titled “Fast Flux: A National Security Threat.”

“By implementing robust detection and mitigation strategies, organizations can significantly reduce their risk of compromise by fast flux-enabled threats,” the document adds. 

 

A type of dynamic resolution technique, “fast flux” allows cyber criminals, nation-state actors and other cyber attackers to:

• Disguise the location of their servers by quickly their changing domain name system (DNS) records, such as their IP address
• Stand up robust and stealthy command-and-control (C2) operations
• Set up malicious websites for phishing campaigns that are difficult to block and take down

Governments, critical infrastructure organizations, ISPs, cybersecurity service providers and protective DNS service providers should take “a multi-layered approach to detection and mitigation to reduce risk of compromise by fast flux-enabled threats,” reads an alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

“Fast flux” mitigation recommendations include:

• Block access to IP addresses and domains associated with malicious “fast flux” networks, and sinkhole these domains to controlled servers to analyze their traffic.
• Increase monitoring and logging of DNS and network traffic; and set up “fast flux” alert mechanisms.
• Share “fast flux” detection indicators, such as domains and IP addresses, with partners and threat intelligence communities via, for example, the U.S.’s Automated Indicator Sharing and Australia’s Cyber Threat Intelligence Sharing Platform.
• Train employees on phishing detection and response, and adopt policies and procedures for dealing with phishing inciddents facilitated by “fast flux” networks.

Agencies that co-authored this advisory include CISA, the U.S. Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre, the Canadian Centre for Cyber Security and New Zealand’s Nation Cyber Security Centre.

For more information about the “fast flux” technique:

• “Dynamic Resolution: Fast Flux DNS” (MITRE)
• “Fast-flux botnet detection from network traffic” (IEEE)
• “Fast Flux DNS” (DevX)
• "What is DNS Fast Flux?" (Knowledge Academy)
• "DNS-Based Fast-Flux Botnet Detection Approach" (ICTERI)

4 - Tenable polls webinar attendees on API security

During a recent webinar about our Tenable Web Application Scanning product, we polled attendees about their API security practices, including API discovery and protection. Check out what they said.

(41 webinar attendees polled by Tenable, April 2025)

(38 webinar attendees polled by Tenable, April 2025)

To learn more about API security and about what’s new in Tenable Web Application Scanning, watch the webinar on demand.

5 - U.S. House looks at cybersecurity of local, state governments

A U.S. House of Representatives subcommittee held a hearing this week about the ability of U.S. state, local, tribal and territorial (SLTT) governments to address rapidly-changing cyber threats.

Also discussed: The future of the “State and Local Cybersecurity Grant Program” (SLCGP), which was established in 2021 to help boost SLTT governments’ cybersecurity preparedness and which is set to expire in September.

“Cybersecurity is a whole-of-society challenge, meaning the Federal government must continue to support and strengthen cybersecurity at the state and local levels to protect our nation’s networks and critical infrastructure,” said Rep. Andrew Garbarino (R-NY), Chairman of the House Subcommittee on Cybersecurity and Infrastructure Protection.

Tenable Chief Security Officer Robert Huber was one of four experts who testified during the hearing, titled “Cybersecurity is Local, Too: Assessing the State and Local Cybersecurity Grant Program.”

 

Huber, who is also Tenable’s Head of Research and President of Tenable Public Sector, emphasized the importance of the SLCGP in strengthening cybersecurity and critical infrastructure, while recommending grant process improvements to increase participation.

Check out a few minutes of Huber’s participation in the hearing:

 For more information about cybersecurity challenges of state and local governments:

• “Cybersecurity challenges faced by local governments in 2025” (American City & County)
• “Local governments need more cyber funding, report finds” (StateScoop)
• “State and Local Governments’ Cyber Resilience Efforts Face Constraints” (StateTech)
• "Cybersecurity Resources for Local Governments" (Municipal Research and Services Center)
• "Closing digital divide will boost cyber too, NASCIO says" (StateScoop)

The post Cybersecurity Snapshot: SANS Recommends Six Controls To Secure AI Systems, While NCSC Warns About Outdated API Security Methods appeared first on Security Boulevard.

Vulnerability assessment is a process that identifies security weaknesses of any IT system, network, application, or cloud environment. It is a proactive approach to detect and fix security gaps before...

The post The Ultimate Guide to Vulnerability Assessment appeared first on Strobes Security.

The post The Ultimate Guide to Vulnerability Assessment appeared first on Security Boulevard.

Q1 Goals to Gaps in Security: The Rise of HR-Themed Phishing

The post Q1 Goals to Gaps in Security: The Rise of HR-Themed Phishing appeared first on Security Boulevard.

Artificial Intelligence (AI) has quickly become an integral part of modern workflows, with AI-powered applications like copilots, chatbots, and large-scale language models streamlining automation, decision-making, and data processing. However, these same tools introduce significant security risks—often in ways organizations fail to anticipate.

The post The Fast Flux DNS Threat: A Call to Action Against a Geopolitical and Hacktivist Nightmare appeared first on Security Boulevard.

The post 5 Reasons to Secure Firmware in Financial Services Organizations appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post 5 Reasons to Secure Firmware in Financial Services Organizations appeared first on Security Boulevard.

Are You Truly Equipped to Tame Secrets Sprawl? Managing secrets sprawl is no trifling matter. A significant challenge lying in the labyrinth of cloud security, secrets sprawl could pose a hefty risk to your organization’s data security. So, are you fully geared to combat this beast? Decoding Secrets Sprawl: An Invisible Threat Secrets sprawl refers […]

The post Are You Capable of Handling Secrets Sprawl? appeared first on Entro.

The post Are You Capable of Handling Secrets Sprawl? appeared first on Security Boulevard.

Why Should You Be Excited About Innovations in Identity and Access Management (IAM)? If you’re a Cybersecurity professional or CISO, you understand the value of Non-Human Identities (NHI) and Secrets Management. The burning question, then, is “Why should you be excited about innovations in IAM?” IAM, or Identity and Access Management, is a critical piece […]

The post Get Excited About Innovations in IAM appeared first on Entro.

The post Get Excited About Innovations in IAM appeared first on Security Boulevard.

Strengthened Cloud Compliance: Why Machine Identities Hold the Key? The importance of robust cybersecurity practices and tools cannot be overstressed. One area that demands particular attention is the management of Non-Human Identities (NHIs) and secret security, which is critical for ensuring the highest level of compliance assurance. Unraveling the Concept of Non-Human Identities and Secrets […]

The post Feel Assured with Enhanced Cloud Compliance appeared first on Entro.

The post Feel Assured with Enhanced Cloud Compliance appeared first on Security Boulevard.

See how a top retailer protected revenue and customer trust during a major spring sale — with faster checkouts and zero downtime.

The post How to Protect Your Spring Sale from Bots appeared first on Security Boulevard.

DataDome stopped a 28M-request Flash DDoS in real time—no downtime or disruption for the $3B e-commerce platform under attack.

The post How DataDome Instantly Blocked a 28M-Request Flash DDoS Attack For a $3B E-Commerce Leader appeared first on Security Boulevard.