Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

“Your entire company network was compromised, all through a single login.” That’s the reality of an employee single sign-on (SSO) breach nightmare. Hackers create fake SSO login pages in order to steal employee credentials, which can literally give them “the keys to the kingdom” – access to the most sensitive data of the organization. From a disgruntled ex-employee to a compromised user, it can become a devastating security hole. It happens more than you think.

Everywhere we look, organizations are harnessing the power of large language models (LLMs) to develop cutting-edge AI applications like chatbots, virtual assistants, and more. Yet even amidst the fast pace of innovation, it’s crucial for security teams and developers to take a moment to ensure that proper safeguards are in place to protect company and customer data.

As AI adoptions become increasingly integral to all aspects of society worldwide, there is a heightened global race to establish artificial intelligence governance frameworks that ensure their safe, private, and ethical use. Nations and regions are actively developing policies and guidelines to manage AI’s expansive influence and mitigate associated risks. This global effort reflects a recognition of the profound impact that AI has on everything from consumer rights to national security.

System hardening is the process of configuring a system to a more secure state. Many technology solutions are not securely configured by default, so system administrators must harden systems while retaining their desired functionality. Thankfully, system administrators do not have to figure out system hardening on their own. Instead, they can reference security benchmarks which describe recommended secure configurations for a system.

On May10th, Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC) issued an urgent advisory about malicious threat activity involving the Black Basta ransomware variant. Detailed information about these threats and the associated IOCs and TTPs can be seen on #StopRansomware: Black Basta.

Register for the Webinar Large-scale cyber breaches continue to dominate headlines, amplifying the damaging ramifications of failing to secure your organization. Even with a substantial investment in your SOC, outcomes continue to fall short of promises. Breaches lead to massive data leaks, steep financial losses, and tarnished reputations, underscoring the urgent need for effective SIEM technology.

Something about the springtime sunshine and blooming flowers inspires many of us to start cleaning. For some, it might be tackling the backyard shed that accumulated cobwebs over the winter or that overflowing junk drawer in the corner of the kitchen. As you survey your home and yard and decide where to start cleaning, it’s also a great time to look at your application security program and see if any of your existing processes need some tidying up. Here are a few great places to start.

This is Part 12 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts.

Threat actors have responded to better protections in the operating system and improved endpoint detection and response (EDR) capabilities by moving down the stack to find entry points with full visibility and privileges into the stack above.

“The best part of RSA is all the amazing people in the community trying to make the world a safer place. It’s also very exciting to see all the innovation to make adversaries’ lives harder – competition and collaboration make us better.” – CEO & Co-Founder Dr. Aleksandr Yampolskiy The SecurityScorecard team has just returned from an incredible week in San Francisco at RSA Conference 2024!