Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Dive into the latest SecurityScorecard research with Rob Ames, Staff Threat Researcher, and Travis Hawley, Former Air Force Intelligence Analyst, as they unravel the complexities of Volt Typhoon's recent compromise of 30% of Cisco RV320/325 devices. They explore the technical and user-side reasons behind this significant cyber threat, its impact, and what it means for future cybersecurity trends. Don't miss out on their in-depth analysis and insights on evolving state-sponsored cyber threats.

In this installment of the Tanium Patch FAQ series we learn how to automatically update Microsoft Office 365 apps across #Windows and #MacOS.

The video based on this article discusses a cybersecurity researcher's experience in uncovering a major security flaw in an AI-based hiring system called Chattr.ai, which provides services to numerous fast-food chains and hourly employers across the United States, including popular names like Applebees, Arbys, Chickfila, Dunkin, IHOP, KFC, Shoneys, Subway, Tacobell, Target, and Wendys. The researcher's investigation was triggered by their suspicion that many startups using Firebase, particularly those with the.ai top-level domain, may have exposed credentials.

Bharath Kashyap helped create a lightweight, programmatic approach to performing a maturity assessment using free MITRE tools (like ATT&CK framework, D3FEND, and MITRE Centre for Threat Informed Defense (CTID)) to provide a starting point for you to understand your organization’s coverage against the framework, identify areas for improvement and prioritize them for implementation. In this video, Bharath walks through a few ways to make the assessment tool work for your organization.

Join me in a crucial discussion about the imminent arrival of AGI and the undeniable fact that humanity is not yet prepared for it. As we explore the potential risks and acknowledge the likelihood of militaries leading the AGI charge, it's clear that responsible decision-making is paramount. In this video, we emphasize the urgent need for collective pressure on industries and decision-makers to ensure ethical AI development. Let's learn from history, avoid repeating past mistakes, and safeguard against unintended consequences.

We don’t just work in cybersecurity. We work at Keeper.

This week on the podcast, we review NIST's new publication that defines a taxonomy for how we talk about Adversarial Machine Learning. Before that, we cover a recent discovery of threat actors retaining access to Google accounts even through a password reset. We round out the episode with an account compromise that lead to a surge in Bitcoin price before finishing with a discussion of Living-off-Trusted Sites (LoTS) attacks that leverage GitHub.

This weeks' briefing covers.

The Devo Security Data Platform can help teams exceed threat response rates, improve analyst performance by 5x, and offload manual work up to 60%.