Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Blogs

Heart of the Matter: How LLMs Can Show Political Bias in Their Outputs

Wired just published an interesting story about political bias that can show up in LLM's due to their training. It is becoming clear that training an LLM to exhibit a certain bias is relatively easy. This is a reason for concern, because this can "reinforce entire ideologies, worldviews, truths and untruths” which is what OpenAI has been warning about.

Major update to Attack Surface Custom Policies

AppSec teams often struggle to either validate or scale their security policies, like enforcing security headers or removing risky technologies. This job is easier said than done, and teams are feeling the pinch. To address these challenges, we launched Attack Surface Custom Policies – a powerful feature built directly into Surface Monitoring that makes it possible to set, enforce, and scale customizable security policies so you can focus on the issues that matter most.

From reactive to proactive: Leveraging vCISO solutions to elevate managed security services

The cybersecurity landscape is becoming increasingly complex and challenging for businesses of all sizes. As an MSP, you're well aware of the growing demand for comprehensive security and compliance solutions. With the right tools and strategies in place, you can help your clients navigate this complex landscape while unlocking new revenue streams for your business.

What's New in OWASP API Top 10 2023: The Latest Changes and Enhancements

As APIs continue to increase across industries, so too do the threats to their security. The OWASP API Top 10 list is an essential resource for businesses looking to secure their application programming interfaces. OWASP is best known for releasing the top 10 security risks and vulnerability lists for web apps, mobile apps, APIs, and so on, which are revised every four years to reflect the latest threats and risks affecting organizations globally.

Elastic Security in the open: Empowering security teams with prebuilt protections

Elastic Security now comes with 1,100+ prebuilt detection rules for Elastic Security users to set up and get their detections and security monitoring going as soon as possible. Of these 1,100+ rules, more than 760 are SIEM detection rules considering multiple log-sources — with the rest running on endpoints utilizing Elastic Security for Endpoint.

Top Strategies to Harden Your Active Directory Infrastructure

Microsoft Active Directory (AD) is the central credential store for 90% of organizations worldwide. As the gatekeeper to business applications and data, it’s not just everywhere, it’s everything! Managing AD is a never-ending task, and securing it is even harder. At Netwrix, we talk to a lot of customers who are using our tools to manage and secure AD, and over the years, key strategies for tightening security and hardening AD to resist attacks have emerged.

The psychological impact of phishing attacks on your employees

In recent years, phishing attacks have become increasingly prevalent and sophisticated, posing a significant risk to individuals and organizations alike. In fact, 92% of organizations fell victim to successful phishing attacks in the last 12 months. As cybercriminals continue to exploit human vulnerabilities through social engineering, the impact on employee stress levels is a growing concern that cannot be ignored.

Trustwave Briefs Federal Officials on Cybersecurity Trends and Discoveries

Karl Sigler, Senior Security Research Manager, SpiderLabs Threat Intelligence, conducted a series of briefings in Washington, D.C., to federal officials on April 12-13, giving an update on what Trustwave SpiderLabs researchers are finding with the Russia-Ukraine War, ChatGPT, and current phishing trends. During his time in Washington, Sigler spoke with the U.S. Senate Armed Services Committee, Department of Homeland Security/TSA, Senate staffers, and other departments.

How MDR Can Bring More Value to Your Endpoint Detection and Response Platform

Endpoint detection and response (EDR) solutions are a crucial element of any cyber defense strategy. In general, EDR solutions help companies detect issues on the myriad number of devices their employees use. Although an EDR’s value is apparent there’s a simple way to draw additional value from an EDR system while strengthening your defense in depth strategy by adding a managed detection and response (MDR) solution.