OBETEC

Cybersecurity News. Patch, Patch, Patch! Critical vulnerabilities identified by Microsoft with latest release. Cheers, Chilli. ??? https://lnkd.in/gSgRUAK3 #ITSecurity #Infosec #Appsec #Cybersecurity #Microsoft #Patch

IT Security News. A good article on DSPM (Data Security Posture Management). YAA (Yet Another Acronym)! LOL (Laugh Out Loud). Stay Vigilant, Stay Secure! Cheers, Chilli. ??? https://lnkd.in/gQBs-xkr #ITSecurity #Infosec #Appsec #Cybersecurity #DSPM

IMPORTANT

Cybersecurity News. Election interference coming in the next Federal Election in Canada? Has this already happened? Stay Vigilant, Stay Secure. Chilli. ??? https://lnkd.in/emj78s9j #ITSecurity #Infosec #Appsec #Cybersecurity #Canada #ElectionCanada #ElectionsCanada

Cybersecurity News. Hardware Security is a vital part of an overall Cybersecurity Hygiene. All Hardware is created based on Software that may be focused on that specific Hardware platform. I might add that robust Secure Software Development Life Cycle (SSDLC) needs to be incorporated as part of any Hardware development - unfortunately, this is often overlooked with OT and IoT devices. Stay Secure, Stay Diligent! Cheers, Chilli. ??? #ITSecurity #Infosec #Appsec #Cybersecurity #Hardware #Software #SDLC #SSDLC

Cybersecurity News. Political influence of Cybersecurity in the UK? What me worry? Stay Diligent, Stay Safe! Chilli. ??? https://lnkd.in/edVEFTPk #Cybersecurity #Infosec #Appsec #ITSecurity #HomeOffice #NCSC

Cybersecurity News. Top 6 Cybersecurity trends from Gartner Group. I particularly like the Cyber-Tool consolidation as this has several benefits, including: 1) Reduced Complexity, 2) Tool Integration Focus, 3) Reduced Product and Licensing Costs, 4) Reduce Operational Costs. This will likely lead to better cybersecurity posture. Stay Vigilant, Stay Secure! Cheers, Chilli. ??? https://lnkd.in/gqkQFRuk #ITSecurity #Infosec #Appsec #Cybersecurity #ToolConsolidation

IT Security News. An interesting analysis of the current state of the Cybersecurity Job Market. Cheers, Chilli. ??? https://lnkd.in/eS9c8Wze #ITSecurity #Infosec #Appsec #Cybersecurity #CyberJobs #CybersecurityJobs

AI Training Data Exposes Nearly 12,000 API Keys & Passwords A recent investigation by Truffle Security uncovered 11,908 valid secrets—including AWS root keys and MailChimp API keys—within the Common Crawl dataset, a widely used web archive for training AI models. Here are the key takeaways: ? LLMs May Be Trained on Insecure Code – These secrets were hardcoded into front-end HTML and JavaScript, making them publicly accessible. ? 219 Distinct Secret Types Found – Among them, MailChimp API keys were the most common, with nearly 1,500 unique keys exposed. ? Risk of Malicious Exploits – Attackers could use leaked keys for phishing, brand impersonation, or data exfiltration. ? High Reuse Rate of Leaked Secrets – 63% of the exposed keys appeared on multiple web pages. One WalkScore API key was found 57,029 times across 1,871 subdomains. ? Slack Webhooks at Risk – One webpage contained 17 live Slack webhook URLs, which could allow unauthorized message posting. ?? Why It Matters: Even though AI training data undergoes pre-processing and filtering, sensitive data still slips through. This underscores the need for secure coding practices, regular secret scanning, and proper key management. ?? Take Action: Developers: Never hardcode API keys in front-end code. Use environment variables. Organizations: Regularly audit datasets for sensitive leaks. AI Practitioners: Ensure LLM training data is properly sanitized. Read more: https://lnkd.in/e7dExM7E #CyberSecurity #AI #DataPrivacy #LLMSecurity #APISecurity

AI Training Data Exposes Nearly 12,000 API Keys & Passwords A recent investigation by Truffle Security uncovered 11,908 valid secrets—including AWS root keys and MailChimp API keys—within the Common Crawl dataset, a widely used web archive for training AI models. Here are the key takeaways: ? LLMs May Be Trained on Insecure Code – These secrets were hardcoded into front-end HTML and JavaScript, making them publicly accessible. ? 219 Distinct Secret Types Found – Among them, MailChimp API keys were the most common, with nearly 1,500 unique keys exposed. ? Risk of Malicious Exploits – Attackers could use leaked keys for phishing, brand impersonation, or data exfiltration. ? High Reuse Rate of Leaked Secrets – 63% of the exposed keys appeared on multiple web pages. One WalkScore API key was found 57,029 times across 1,871 subdomains. ? Slack Webhooks at Risk – One webpage contained 17 live Slack webhook URLs, which could allow unauthorized message posting. ?? Why It Matters: Even though AI training data undergoes pre-processing and filtering, sensitive data still slips through. This underscores the need for secure coding practices, regular secret scanning, and proper key management. ?? Take Action: Developers: Never hardcode API keys in front-end code. Use environment variables. Organizations: Regularly audit datasets for sensitive leaks. AI Practitioners: Ensure LLM training data is properly sanitized. Read more: https://lnkd.in/e7dExM7E #CyberSecurity #AI #DataPrivacy #LLMSecurity #APISecurity