Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Early on March 28, 2024, the Mend.io research team detected more than 100 malicious packages targeting the most popular machine learning (ML) libraries from the PyPi registry. Among those libraries are Pytorch, Matplotlib, and Selenium.

SIEM solutions operate based on thresholds. These thresholds serve as predefined benchmarks that generate alerts when the alert criteria is met. While effective to some extent, this approach falls short on multiple fronts, particularly in the context of sophisticated attacks and dynamic environments. Static thresholds falling short One of the fundamental flaws of static thresholds lies in their rigidity.

Dirty COW, a seemingly light-hearted name, masks a severe Linux privilege escalation issue. This bug has affected many older Linux systems, which is concerning given that 41% of web servers run on Linux. Despite widespread patches in distributions like Ubuntu and Red Hat, Dirty COW remains a threat, particularly to outdated systems. As a significant security flaw, it poses risks to various devices and servers even in 2024.

Cybersecurity maturity assessments play a fundamental role in helping chief information security officers (CISOs) determine the level of risk their organizations face due to cyber activity. By illuminating the various areas that are exposed to exploitation, these evaluations serve as a blueprint for cybersecurity leaders tasked with making the business secure amid an increasingly risky operational landscape.

Analysis of a new initial access malware attack shows how simple these attacks can be while also proving that malware can reside on legitimate repositories. Security analysts at cybersecurity company Fortinet dissect the methods and actions taken by a new malicious Java-based downloader intent on spreading the remote access trojans (RAT) VCURMS and STRRAT.

The threat of novel malware is growing exponentially, making it more difficult for security solutions to identify attachments and links to files as being malware. According to BlackBerry’s new Global Threat Intelligence Report, the problem of novel malware has been continually growing over the last year. At the beginning of last year, BlackBerry was detecting new malware at a rate of just one per minute. By the next month, it was 1.5, 2.9 pieces per minute by August of last year.

The SEC’s new ‘Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure’ rule (issued on July 26, 2023) has public companies, notably smaller companies, worrying about having enough cybersecurity expertise to run a security program consistent with SEC requirements.

Over the past year, AI innovation has swept through the workplace. Across industries and all team functions, we are seeing employees using AI assistants to streamline various tasks, including taking minutes, writing emails, developing code, crafting marketing strategies and even helping with managing company finances.