Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As of January 17, 2025, all financial entities and their information and communication technology (ICT) service providers catering to EU entities must comply with the Digital Operational Resilience Act (DORA). ‍ If you’re new to the regulation, you can reduce the potential overwhelm caused by its various requirements by using a concise compliance checklist. To help, we’ve created a robust guide that covers everything you should know, including: ‍

A PowerShell function is a block of code designed to perform a specific task. Once a function is created and tested, it can be used in multiple scripts, reducing coding effort and risk of errors. Using well-named functions also makes scripts easier to read and maintain. And since functions can return values that can be used as input to other functions or code blocks, they facilitate building complex operations.

Welcome back to our series on the evolution of scalper bots. So far, we have traced scalping from its early ticket resale roots to the rise of automated bots. We have explored the ongoing battle between bot developers and anti-bot defenses and examined how scalping evolved into a professionalized, multi-million-dollar industry. In our last post, we uncovered a hidden sub-market where traders aggressively bought, sold, and exchanged bot licenses just like the products they acquired.

In the inaugural episode of the Security Matters podcast, host David Puner dives into the world of AI security with CyberArk Labs’ Principal Cyber Researcher, Eran Shimony. Discover how FuzzyAI is revolutionizing the protection of large language models (LLMs) by identifying vulnerabilities before attackers can exploit them. Learn about the challenges of securing generative AI and the innovative techniques used to stay ahead of threats.

Researchers recently found another Software Supply Chain issue in BoltDB, a popular database tool in the Go programming environment. The BoltDB Go Module was found backdoored and contained hidden malicious code. This version took advantage of how Go manages and caches its modules, allowing it to go unnoticed for several years. This backdoor allows hackers to remotely control infected computers through a server that sends them commands i.e. via a command and control server.

Traditionally, data security focused on protecting data at rest within the confines of your on-premise data center. The cloud era has blurred these lines. Data now flows through complex pipelines, often traversing multiple services and third-party vendors. This expanded data perimeter creates new vulnerabilities: It’s crucial to ensure that the data loaded into warehouses and analytics tools is scanned for sensitive information and redacted or redirected accordingly.

The introduction of OpenAI’s ‘Operator’ is a game changer for AI-driven automation. Currently designed for consumers, it’s only a matter of time before such web-based AI agents are widely adopted in the workplace. These agents aren’t just chatbots; they replicate human interaction with web applications, executing commands and automating actions that once required manual input.

Advocating for a larger budget is a common need for most security professionals. With so many business obligations fighting for priority and funding, even vital concerns like Vendor Risk Management can fall through the cracks. However, third-party cyber risks can devastate businesses in the blink of an eye—meaning maintaining a proper third-party risk management program should be at the top of your priority list.

As bad actors use artificial intelligence to step up their phishing game, mounting an effective defense means using a secure email gateway that likewise employs AI to detect even the most cleverly crafted phishing emails and the fraudulent websites to which the emails attempt to direct recipients. The concern is not just with generative AI (GenAI) tools like ChatGPT, which has some (rather limited) guardrails to prevent nefarious use.

If you’re a US citizen, you’re likely numb to the endless letters informing you of your information being stolen yet again. For most of us, this is an annoyance and an inconvenience. But if you’re a patient in a hospital during an attack, it would be disconcerting to know that studies indicate medical errors increase by 30% when clinical applications are offline, and there’s a “small but significant” increase in patient mortality.