Machine Learning Applications in the Cybersecurity Space
Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques.
Machine learning techniques extract information...
BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration
This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, and Diego Matos Martins.
BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force...
Now Social Engineering Attackers Have AI. Do You?
Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code.
The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code...
Despite Tech Layoffs, Cybersecurity Positions are Hiring
It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions...
How I Got Started: White Hat Hacker
White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately...
Heads Up CEO! Cyber Risk Influences Company Credit Ratings
More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating.
Credit rating agencies continuously strive to gain a better understanding of the risks that companies face....
CISA, NSA Issue New IAM Best Practice Guidelines
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators.
As the industry increasingly moves towards cloud and hybrid computing environments,...
6 Ways to Mitigate Risk While Expanding Access
The World Economic Forum recently published a list of trends that are likely to shape the future of cybersecurity by 2030. The article names “progress in cybersecurity, but access must be widened” as a top trend.
If these two goals seem...
Hypervisors and Ransomware: Defending Attractive Targets
With every step towards better cyber defense, malicious attackers counter with new tactics, techniques and procedures. It’s not like the attackers are going to say, “All right, you made it too tough for us this time; we’re checking out.”...
NIST Launches Cybersecurity Initiative for Small Businesses
For small organizations, the current cyber threat landscape is brutal. While big-name breaches steal the headlines, small businesses suffer the most from ransomware attacks. Additionally, other studies reveal that only half of all small businesses are prepared for a...
Educating Your Board of Directors on Cybersecurity
Many, if not the majority of, big decisions at organizations come from the boardroom. Typically, the board of directors focuses on driving the direction of the company. Because most boards approve yearly budgets, they have significant oversight of resources...
HEAT and EASM: What to Know About the Top Acronyms at RSA
The cybersecurity industry is littered with acronyms. SIEM. EDR. APT. CISO. CISA. The list goes on and on.
So it wasn’t surprising that there were a lot of acronyms in RSAC 2023’s sessions and keynotes, as well as in the...
Is Patching the Holy Grail of Cybersecurity?
A proactive approach to cybersecurity includes ensuring all software is up-to-date across assets. This also includes applying patches to close up vulnerabilities. This practice minimizes risk, as it eliminates outdated software versions in the process. Does this make patching...
IBM Security Guardium Ranked as a Leader in the Data Security Platforms Market
KuppingerCole named IBM Security Guardium as an overall leader in their Leadership Compass on Data Security Platforms. IBM was ranked as a leader in all three major categories: Product, Innovation, and Market. With this in mind, let’s examine how KuppingerCole measures...
Are Ransomware Attacks Declining, or Has Reporting Worsened?
While examining the state of ransomware in 2023, the statistics show promise — at least on the surface. According to the IBM X-Force Threat Intelligence Index 2023, “Ransomware’s share of incidents declined from 21% in 2021 to 17% in...
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
Feds, you’ll need a warrant for that cellphone border search
Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?
height="315" class="aligncenter size-full wp-image-292324" />
ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"?
All this and...
