When you hear the term “chatbot,” your mind may at first turn to things like robotic customer support services on retail websites – a relatively mundane use case for chatbots, and one that is probably hard to get excited about if you’re a security engineer. But, the fact is that chatbots can do much more than provide customer support.

The FBI published their 2021 Internet Crime Report with data from the FBI’s Internet Crime Complaint Center (IC3). This report shows that Business Email Compromise (BEC) / Email Account Compromise (EAC) attacks far exceed the volume and losses of Ransomware attacks. Organizations need to be prepared and know who they are going to call when they experience BEC/EAC, as well as ransomware, or other high-severity incidents.

Discovering security threats is good and well. But, in many cases, simply knowing that a threat may exist is not enough. Instead, you also need threat intelligence enrichment. Threat enrichment plays a critical role in helping to evaluate and contextualize threats, root out false positives and gain the insights necessary to mitigate risks as efficiently and quickly as possible.

The Arctic Wolf team is having a great time in Boston at AWS re:Inforce 2022. What a wonderful show! It has been thrilling to connect with industry leaders and AWS experts from across the world–and it was equally thrilling for us to announce that Arctic Wolf has achieved the newly introduced Level 1 MSSP specialization in Digital Forensics Incident Response (DFIR).

On Thursday, July 21, 2022, SonicWall disclosed a critical severity vulnerability – CVE-2022-22280 – impacting their Analytics On-Prem and Global Management System (GMS) products, which are used for central management and deployment of SonicWall firewalls, email security, remote access, and other solutions.

On Wednesday, July 20, 2022, Cisco disclosed a critical severity vulnerability – CVE-2022-20857 – impacting Cisco Nexus Dashboard, an integrated dashboard used for visibility and provisioning data center and cloud network infrastructure. If successfully exploited, the vulnerability could allow an unauthenticated, remote threat actor to execute arbitrary commands as the root user in any pod on a node.

On Wednesday, July 20, 2022, Atlassian released patches to remediate two critical vulnerabilities (CVE-2022-26136 and CVE-2022-26137) that impact how Atlassian products implement Servlet Filters and could lead to unauthenticated authentication bypass, cross-site scripting (XSS), or cross-origin resource sharing (CORS) bypass depending on the filters used by each impacted product.

When it comes to protecting your business, there is no such thing as being too cautious. In today's increasingly connected world, cyberattacks are becoming more and more common, and the stakes are higher than ever before. That's why many businesses are turning to 24/7 SOC through a managed security services provider (MSSP) to protect their business.

Shifting security left means preventing developers from using unacceptably vulnerable software supply chain components as early as possible: before their first build. By helping assure that no build is ever created using packages with known vulnerabilities, this saves substantial remediation costs in advance. Some JFrog customers restrict the use of open source software (OSS) packages to only those that have been screened and approved by their security team.

Control flows are the backbone of automation. Identifying what to do with a set of data – and how – is a key component of high-value automation, but it can also be confusing to wrap your head around at first. What is a conditional? And what does it have to do with a loop? How do you deal with a set of information versus a single data point?

It’s been just over a month since cybersecurity conferences returned in a big way with the comeback of RSA Conference after last year’s hiatus. A lot happened between 2020 and 2022 in the world, our lives, and cybersecurity, including the birth of a little no-code security automation start-up named Torq. RSAC 2022 was a great place to catch up on these changes and look forward to emerging trends and security needs.

The German IT Security Act 2.0 (IT-SiG 2.0) has been in force since May 2021. Due to this new law, significantly more German companies have been classified as operators of critical infrastructures (KRITIS) than ever. This is a major cause of headaches for many managers. In addition, IT departments are starting to ask themselves: "Are we now regarded as KRITIS"? And if so, "What do we have to take into consideration?"

The Verizon Data Breach Investigations Report (DBIR) is an annual publication that provides an analysis of information security incidents, with a specific focus on data breaches. Verizon has been publishing this report on an annual basis since 2008.

Organizations are moving workloads to the cloud to help keep pace with the speed of innovation. However, too often this is done without a proper plan in place to ensure that their security doesn’t fall behind. The potential financial and reputational damage, as well as the risk of lost data from a breach is massive, and that makes proper planning crucial.

Temperatures rose in June, and the threat of serious cyber attacks soared along with them. The start of summer saw revelations of major breaches in confidential medical information, a case study for changing-up hacked passwords, another round of victimization for people whose data has already been sold once before, and one high-profile threat to undermine an entire democracy. Let’s take a closer look at these troubling instances, plus one controversial effort to rein in the crimewave.

Security Operation Centers (SOCs) offer a robust method of ensuring cybersecurity and safety within an organization. Their demand has continued to grow, specifically with a significant rise in cyber-attacks amidst a looming cybersecurity skills gap. However, despite a typical SOC analyst's immense training and knowledge, mitigating the increase in cyber-attacks is no easy job.

Cyber insurance has become increasingly expensive for most policyholders. Various organizations, including industry heavyweights such as Aon who have predicted premium hikes between 20% and 50% this year. There are even reports of premium increases as high as 1,000% for organizations with the highest risk. Unfortunately, many of these premium increases occur with little warning, often within a few weeks of a policy renewal.