After several weeks of incredible growth, OpenAI has come in for a bumpy ride of late. First it revealed details of a data breach exposing a significant number of ChatGPT subscribers. Then the Italian data protection regulator (GPDP) became the first in Europe to ban the product for users in the country, for contravening the ...
The Week in Security: Social engineering-attacks up with the rise of AI tools, Genesis Market seized
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: New research points to a trend in the rise of AI tools like ChatGPT with an increase in social ...
Security incidents can cost a chief information security officer (CISO) their job. For example, cybersecurity breaches at Capital One, Uber, Equifax and plenty of others have led to the firing or forced resignation of the companies’ respective CISOs. Whether all these removals were fair is up for debate, but regardless, there’s a growing incentive for ...
The Justice Department announced today a coordinated international operation against Genesis Market, a criminal online marketplace that advertised and sold packages of account access credentials – such as usernames and passwords for email, bank accounts, and social media – that had been stolen from malware-infected computers around the world. The post Criminal Marketplace Disrupted in ...
Now more than ever, organizations are relying on the supply chain for basic business operations. According to Charlie Jones, director of product management with ReversingLabs, there are two reasons for this: The global trend of digitalization and the rapid move to remote work during the pandemic. What those trends did was increase the reliance enterprise ...
Cybercriminals are using new and inventive strategies to target the personal assets of high-net-worth individuals. In the modern age, criminals can appropriate your assets and disrupt your personal privacy without ever stepping foot in the same country. Because of their wealth and status, high-net-worth individuals are at far greater risk of being targeted by cybercriminals ...
In today’s world, where almost everything is connected to the internet, cybersecurity is a top priority for businesses and individuals alike. Cyber threats are becoming more sophisticated, more coordinated, and more intelligent, and the need for effective security measures and lateral movement protection has become more urgent. One of the biggest gaps in cybersecurity is ...
The Biden administration’s recently released National Cybersecurity Strategy goes beyond the executive order it issued in 2021, which defined security measures any organization doing business with the federal government must follow. As our white paper details, the strategy shifts cybersecurity liability “away from individuals, small businesses, and local governments, and onto the organizations that are ...
The main challenge many of the cybersecurity products on the market today struggle to overcome is the difficulty of monitoring multi-cloud environments. Many are only capable of handling pieces of one environment rather than giving an enterprise visibility across all of their environments. This leaves costly gaps in their security posture and significantly increases the ...
Cyberattacks had yet another record-breaking year in 2022. Here are some statistics and trends on phishing, ransomware, and data breaches to be aware of ...
Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel.
Elon Musk’s remaining staff have open-sourced Twitter. Or, at least, they’ve put some of the code onto GitHub ...
Last week, Radware issued a threat alert to highlight the concern that Anonymous operations such as OpIsrael could present a renewed threat to organizations across multiple verticals within the country. This assessment was mainly attributed to the war in Ukraine and geopolitical tensions in and around Israel, spurring a renewed growth in hacktivism and setting ...
Best Certificate Transparency Logs Monitoring Solutions: The only way to get full visibility to all certificates for an organization’s domains is using Certificate Transparency logs. Certificate transparency (CT) is a security standard designed to increase the transparency and accountability of the certificate issuance process. CT logs are public, append-only cryptographically verifiable logs that record the ...
While credential theft is not new, credential theft attacks are increasingly sophisticated, and even novice attackers have easy access to Cybercrime as a Service (CaaS) kits. As such, it is important to understand the methods used by attackers, examine its impact on businesses, and learn about the security measures critical to credential theft prevention. Looking ...
User Access Reviews: on-demand insights to streamline compliance, reporting, and mitigate identity risks — whenever and wherever SaaS is used ...
Security AI usage has surged, and enterprises are reaping the benefits. In its 2022 Cost of a Data Breach Report, IBM found that organizations deploying security AI and automation incurred $3.05 million less on average in breach costs – the biggest cost saver found in the study. According to the study, organizations using security AI ...
Via the comic artistry and dry wit of Randall Munroe, resident at XKCD!
Introducing Obsidian Integration Risk Management: Reducing the Risk of Third-Party SaaS Integrations
Third-party SaaS integrations are an essential component of many organizations’ operations, enabling them to improve efficiency and streamline workflows. However, these integrations can also introduce significant security risks, potentially exposing sensitive data to external threats. At Obsidian, we recognize the need for a comprehensive solution to address these risks, which is why we are excited ...
What’s behind the growing complexity plaguing security teams today and what can be done to combat it (Part 3 of 3)? The post The New Frontiers of Cybersecurity – Exponential Increase in Complexity appeared first on SafeBreach ...
On the one-year anniversary of Hydra's seizure, Flashpoint explores how threat actors have adapted to fill the market's void and fuel their illicit aims—from narcotics transactions to money laundering. The post Crypto, Cash-outs, and Closures: Surveying the Darknet Ecosystem in the Wake of Hydra Market appeared first on Flashpoint ...
In today’s blog we are going to review how Poshmark enabled API security using the Cequence Unified API Protection (UAP) solution to block automated account takeover (ATO) attacks that were overwhelming their online marketplace. Poshmark is a leading online marketplace that enables users to buy and sell new and secondhand styles for women, men, kids, homes, ...
Learn some steps you can take to diagnose an OOMKilled (Out of Memory) error in a Linux-based system. Out of memory errors in Kubernetes typically occur when a container or pod requests more memory than is available on the node, or when the container or pod uses more memory than anticipated. Container engines also use ...
It’s time to take a look into the application environment changes and examine whether a WAF is the best solution for protecting applications. The post The On-Prem WAF is Dead. Long Live the Cloud WAF appeared first on Radware Blog ...
Introduction: In today’s ever-evolving cyber landscape, organizations are investing in threat hunting programs to proactively search for and identify potential security threats before they wreak havoc. While these programs are undeniably valuable, their true worth often goes unrecognized, leaving security teams struggling to justify their investments to business leadership and stakeholders. That’s where reporting and ...
Data Center Infrastructure Management (DCIM) tools have been with us for the past 15 years at least. Initial implementations were often driven by a need to closely monitor physical infrastructures from a space, power, and cooling perspective. As energy costs continued to rise, and equipment densities in data centers continue to increase, the solution ...
On April 4, 2023, the FBI, alongside multiple international partners, reportedly seized domains associated with the illicit market Genesis Market as part of “Operation Cookie Monster.” The post Popular Illicit Shop Genesis Market Seized by Law Enforcement appeared first on Flashpoint ...
Looking to learn about Apptega’s latest and greatest product updates? Well, you’re in the right place! Product and platform improvements this month focused on two main areas: ...
An authorized IRS eFile website is the latest victim of a JavaScript attack. eFile.com has become the victim of an attack which originated in a previously innocent JavaScript file. The JavaScript file, popper.js, was modified to include obfuscated code which redirected the browser to a legitimate-looking error page. The post JavaScript: A Taxing Situation ...
Every website needs regular maintenance. WordPress maintenance involves checking your site’s configuration, functionality, security settings, available updates, unused files, and more. Just as with a house or a car, ongoing maintenance can prevent major technical issues down the line. Most WordPress maintenance tasks take minimal time and can even be automated. You might even use ...
DFARS Final Rule 252.204-7024, Use of Supplier Performance Risk System (SPRS) Assessments, (aka DFARS 7024) was published in March 2023 and effective immediately. It provides guidance to DoD Contracting Officers about how to use SPRS data. The Department of Defense (DoD) explains that “DFARS 7024 requires contracting officers to consider SPRS risk assessments, if ...
A data audit is a process used to identify and assess the security risks associated with a business’s sensitive data. Explore why data audits are necessary, and how to do them ...
Microservices is a software development approach where an application is divided into small, independent and loosely coupled services that work together to provide the application’s overall functionality. Each microservice is designed to perform a specific task or function and communicates with other microservices via lightweight APIs. In a microservices architecture, each microservice can be developed, ...
Orca Security today announced it added an ability to trace cloud security risks in production environments back to both the original code that created the issue and the developer that wrote it. Avi Shua, chief innovation officer for Orca Security, said the Cloud to Dev capabilities added to the company’s cloud-native application protection platform (CNAPP) ...
When I first started in the social engineering field, I had no idea how much it would impact my everyday […] ...
After only five months on the books, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is revamping its Cybersecurity Performance Goals, a set of recommendations designed to help identify and prioritize measures to address the most common and serious cyber risks faced by organizations today ...
The world of technology is rapidly changing, and businesses must keep up with the latest advancements to stay competitive. One of the most significant changes in recent years has been the Cloud revolution. The Cloud has transformed the way businesses operate, enabling them to become more efficient, cost-effective, and agile. The impact of the Cloud ...
MixMode, the leader in AI-driven network security, announces hiring John Phillips as VP of Federal Sales. Phillips will oversee the continued growth of MixMode’s federal business and adoption of the MixMode platform by federal partners, and he will be focused on accelerating MixMode’s triple-digit growth in 2021 and 2022 ...
Vulnerabilities in outdated WordPress plugins or themes can allow hackers access to your website. WPScan is a vulnerability scanner for your site, identifying critical vulnerabilities and helping you keep your site up-to-date and secure from cyber threats. The article serves as a step-by-step tutorial for beginner WordPress users to learn how to use WPScan to ...
January 4, 2019. This was the date of the inaugural episode of Root Causes – the first ever podcast dedicated to the changing and critically important world of PKI and digital certificates. Since its inception, Root Causes has fostered stimulating, timely conversation and commentary around major trends impacting the cybersecurity industry. This week, on April ...
Median IT security budgets have more than tripled—to $5.3 million in 2022 from $1.4 million in 2018—leading to a significant increase in the cost of combating cybersecurity threats over the past five years. These were the results of a Hiscox survey, which also revealed nearly a quarter (23%) of IT security budgets are now dedicated ...
The U.S. Department of Justice (DoJ) and the Department of Commerce launched a “Disruptive Technology Strike Force” to investigate and prosecute criminal violations of U.S. export control laws. The aim is to prevent foreign actors from obtaining potentially sensitive technologies, including semiconductors. The strike force will bring together government experts, including the FBI, Homeland Security ...
Incident response in the cloud. How is it different, and why do we need to pay more attention to it today, before something major happens tomorrow. James Campbell, CEO of Cado Security, shares his experience with traditional incident response, and how the cloud, with its elastic structure, able to spin ...
Identity and Access Management (IAM) is a critical component of cybersecurity, especially in business environments. IAM, in simple terms, is a framework of policies, practices and procedures to ensure that the right users have access to the right resources and systems at the right time. This article discusses IAM, its technical and business implications and ...
Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnSecurity the domain seizures coincided with "dozens" of arrests in the United States and abroad ...
Discover the different capabilities of available security validation technologies and understand how they perform in different IT environments, including cloud, on-premise, and hybrid. The post Six Technology Options to Test Your Organization’s Resilience to Cyberattacks appeared first on SafeBreach ...
Learn how Synopsys handles scoping and data gathering, two of five necessary steps in creating a useful threat modeling ...
The Diamond Model of Intrusion Analysis can help facilitate breach detection and remediation, but it’s important to consider other models and technology options that highlight efficiency. Read our blog for a complete guide.