Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We close out Cybersecurity Awareness Month for 2023 with a few final points that show that a company's security is a team sport, one in which everyone must participate. As noted in Trustwave SpiderLabs recent report, 2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies, phishing is one of the most effective methods attackers use to gain an initial foothold in financial services organizations.

Learn how to enhance secrets manager security with GitGuardian Honeytoken. Strengthen your system's security and protect your critical assets effectively.

In this episode of The Future of Security Operations podcast, Thomas interviews industry veteran Dmitriy Sokolovskiy. Dmitriy is a founding member of (ISC)2 Eastern Massachusetts Chapter, and has over 25 years of experience in the security industry, having led teams at Putnam Investments, CyberArk, and, most recently, Avid. He’s a mentor and advisor to several successful startups and sits on the advisory board of companies like Audience 1st.

Over 75% of all cybercrimes primarily target web applications and their vulnerabilities. Attackers focus on exploiting weaknesses such as design flaws, vulnerabilities in APIs, open-source code, third-party widget issues, and access control problems. A recent study predicts that all this cybercrime will cost a massive $5.2 trillion by 2024 across all industries. How do you protect your web application from all the risks out there? Here is a go-to web app security checklist to get started.

It has been a distinct honor to be a part of the Corelight team that helped defend this year’s Black Hat events. I started the event season in the Network Operations Center (NOC) at Black Hat Asia, and then capped it off at Black Hat in Las Vegas. In this blog I’ll share my experience and learnings from participating in both NOCs.

Microsoft is tracking a cybercriminal group called “Octo Tempest” that uses threats of violence as part of its social engineering and data theft extortion campaigns. “Octo Tempest is a financially motivated collective of native English-speaking threat actors known for launching wide-ranging campaigns that prominently feature adversary-in-the-middle (AiTM) techniques, social engineering, and SIM swapping capabilities,” the researchers write.

Continued analysis of ransomware attacks shows an upward trend in the number of attacks, with September resulting in the highest number of assaults so far this year. IT security vendor NCC Group’s Cyber Threat Intelligence Report for September 2023 shows some startling revelations about why ransomware attacks are spiking.

In the rapidly evolving landscape of technology and data-driven decision-making, machine learning has emerged as a powerful tool to gain insights, optimize processes, and drive innovation. Machine learning, a subset of artificial intelligence, involves building models that can analyze data and make predictions. These models can unlock valuable insights and opportunities, making them a potent growth lever for organizations across various industries.

On Monday, October 30, President Biden signed the Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence — the longest in history at 117 pages. The executive order (EO) aims to advance and regulate artificial intelligence (AI) in the US. This landmark order pulls together a number of priorities that influence not just the AI industry, but also society at large.

While the days of swashbuckling pirates terrorizing the seven seas may be long gone, modern data pirates abound in the vast cyber seas. They set out to steal your company’s crown jewels – data. Today’s document management systems are filled with treasure ready for the taking, from personal data to credit cards and intellectual property worth billions. But beware, your motley crew can pose just as significant a risk as the pirates roaming the cyber seas.