Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Both fraud alerts and credit freezes are free of charge, but there are some differences between the two you should be aware of if you’re deciding on placing one over the other. Both fraud alerts and credit freezes are meant to protect you from identity theft and fraud, however, fraud alerts add an extra layer of verification and only last a year, whereas credit freezes prevent new credit from being opened and don’t expire.

On May 9, the North American Electric Reliability Corporation (NERC) officially adopted new Critical Infrastructure Protection (CIP) requirements for Internal Network Security Monitoring (INSM). This is one of the last steps before Federal regulators make it an official standard for utilities and the electrical power grid industry. What does it mean? Compliance for CIP-015-1 is coming to your utility. Utilities will need monitoring tools with deep and wide asset intelligence and network control.

Many of us in the information security sphere have sat in front of a console and furiously executed various queries while either mumbling internally or externally, with varying levels of stress and frustration: what is going on? When investigating a particular system, an odd event, or a declared incident, we are all attempting to answer this question in one way or another. Detections, documented threat hunts and security operations procedures do not manifest out of thin air.

ChatGPT impresses everyone with its writing capabilities; however, its proficiency in understanding and generating human-like text has inadvertently empowered threat actors to produce realistic and error-free phishing emails, which can be challenging to detect. The use of ChatGPT in cyberattacks poses a significant threat, particularly for attackers whose first language isn’t English. This tool helps them overcome language barriers, enabling the creation of more convincing phishing content.

The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.

As we near the halfway point of 2024, it is apparent that the epidemic of extortionary cyber attacks will continue unabated into the foreseeable future. Now more than ever, I believe that until organizations adopt cultural approaches to cybersecurity, breaches will continue to wreak havoc on companies and industries.

From late 2023 and into 2024, the ransomware ecosystem has become more diverse than ever, with an ever-expanding cast of extortion groups. Established players continue to compromise large companies globally, while smaller, newer groups are breaking into the scene with increasing frequency. From January to mid-May 2024 alone, 22 new ransomware groups emerged. In comparison, only 22 groups emerged during the entire two-and-a-half-year period between January 2018 and August 2020.

The software supply chain is increasingly complex, giving threat actors more opportunities to find ways into your system, either via custom code or third-party code. In this blog we’ll briefly go over five supply chain threats and where to find them. For a deeper look to finding these threats, with more specifics and tool suggestions, check out our threat hunting guide.

Safeguarding your data is not just an option—it’s a necessity. Cyber threats are evolving at an unprecedented pace, and your database could be the next target. Whether you’re managing sensitive customer information or intricate analytics, database security should be at the top of your priority list. This article dives deep into the top 7 database security best practices that will help you fortify your defenses.

Open source fuels modern development. It's a vast library of pre-built solutions that empower developers to focus on innovation, not reinvent the wheel. But with every dependency comes the responsibility of maintaining it. The traditional approach emphasizes staying on the bleeding edge, updating packages constantly. However, this relentless pursuit of the "latest" version can introduce roadblocks and slow down development.