Lloyd’s of London Launches New Cyber Insurance Consortium

December 13, 2024 at 08:37AM Lloyd’s of London has launched a cyber insurance consortium aimed at creating a shared risk facility for qualified organizations. This initiative offers exclusive rates, simplified processes, and comprehensive coverage, particularly for those with HITRUST certifications, including a significant premium discount. The consortium aims to improve underwriting efficiency and broaden participation. …

Tips for Preventing Breaches in 2025

December 11, 2024 at 09:59AM In 2024, significant data breaches impacted major companies, costing US businesses over $9 million on average. With 98% of companies working with breached vendors, proactive security measures, including regular vendor reviews, audits, and advanced protections like encryption and access controls, are essential for mitigating risks and safeguarding data in 2025. …

QR codes bypass browser isolation for malicious C2 communication

December 9, 2024 at 02:59AM Mandiant has discovered a method to bypass browser isolation using QR codes for command-and-control operations. This technique encodes commands in QR codes displayed on webpages, allowing compromised local browsers to capture and decode them. Despite limitations like data size and latency, it highlights vulnerabilities in current security measures, necessitating enhanced …

Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

December 7, 2024 at 03:57AM Cybercriminals target privileged accounts, leading to data theft and operational disruptions. Traditional Privileged Access Management (PAM) often fails due to visibility gaps and weak enforcement. A webinar titled “Preventing Privilege Escalation: Effective PAS Practices” will provide strategies to secure these accounts, targeting CISOs, IT managers, and cybersecurity professionals. …

Microsoft Expands Access to Windows Recall AI Feature

December 6, 2024 at 04:10PM Microsoft has expanded its Windows Recall feature to Copilot+ PCs with AMD and Intel chipsets, following an initial rollout for Snapdragon devices. The AI-powered tool allows users to revisit recorded activities, raising privacy concerns. Microsoft has enhanced security measures and delayed the launch to address these issues before the limited …

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

December 6, 2024 at 07:18AM Cybersecurity researchers uncovered multiple vulnerabilities in open-source machine learning tools like MLflow, H2O, and PyTorch, which can enable code execution. Detected by JFrog, these flaws potentially allow attackers to access sensitive information and perform lateral movements within organizations, highlighting the need for caution with untrusted ML models. …

The Road to Agentic AI: Exposed Foundations

December 4, 2024 at 10:19AM The report discusses the potential of Retrieval Augmented Generation (RAG) in creating efficient applications from private data. However, it highlights significant security risks, including exposed servers and vulnerabilities, especially in quickly developed RAG components. Enterprises are urged to enhance security measures like authentication and encryption to prevent data manipulation and …

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

December 4, 2024 at 05:54AM Organizations often struggle with ineffective password policies that are either too rigid or too lax. A well-balanced policy must be compliant, based on real data, enforceable, and clearly communicated. Regular audits and updates are essential to address security needs while ensuring usability, ultimately strengthening an organization’s overall security posture. …

Law Enforcement Read Criminals’ Messages After Hacking Matrix Service

December 4, 2024 at 05:49AM Law enforcement, led by Europol, dismantled the encrypted messaging service Matrix, previously used by criminals. After spying for three months and intercepting 2.3 million messages, police arrested several suspects in France, Spain, and Lithuania. Matrix had around 8,000 global users involved in criminal activities like drug trafficking and money laundering. …

BigID Releases Data Activity Monitoring to Extend DDR, Detect Malicious Actors, and Strengthen Data Security Posture

December 3, 2024 at 05:39PM BigID has launched Data Activity Monitoring, enhancing data security by proactively managing risks, identifying insider threats, and ensuring compliance. Unlike traditional tools, it tracks data access activity for improved decision-making and faster investigations. BigID continues to receive accolades for its innovative approaches in data security and compliance management. …