The Facts About Continuous Penetration Testing and Why It’s Important

August 22, 2024 at 06:42AM Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice involving ongoing, automated penetration testing to identify and mitigate vulnerabilities in an organization’s digital assets. It integrates with the software development lifecycle (SDLC) to ensure real-time vulnerability discovery and validation of security controls. CASPT is proactive, not limited to … Read more

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine

June 4, 2024 at 08:13AM A sophisticated cyber attack targeting endpoints in Ukraine aims to deploy Cobalt Strike and establish control over compromised hosts. The attack involves a multi-stage malware strategy using a Microsoft Excel file with an embedded VBA macro. The attack employs evasion techniques, location-based checks, and manipulation of DLL files for persistence … Read more

Google’s AI Watermarks Will Identify Deepfakes

May 16, 2024 at 08:42AM Google introduced AI-related security measures at the Google I/O developer conference, including invisible watermarking of AI-generated content to prevent misuse and spread of misinformation. The company unveiled new AI models, Veo and Imagen 3, along with AI red-teaming techniques to improve model security. These initiatives aim to address risks and … Read more

How to Red Team GenAI: Challenges, Best Practices, and Learnings

April 29, 2024 at 10:07AM GenAI is transforming work processes, but its implementation poses risks including data security and misuse. Red teaming, especially for GenAI, requires considering responsible AI risks and dealing with probabilistic outputs. Microsoft employs an open automation framework, PyRIT, to red team its GenAI systems, ensuring proactive security and responsible innovation. The … Read more

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

April 29, 2024 at 07:48AM Today’s cyber threats are becoming increasingly complex, requiring better and more consolidated approaches. Exposure Management offers a comprehensive method to identify, evaluate, and address security weaknesses across an organization’s digital footprint. Contrasting it with other common approaches such as Penetration Testing, Red Teaming, Breach and Attack Simulation tools, and Risk-Based … Read more

Microsoft Releases PyRIT – A Red Teaming Tool for Generative AI

February 23, 2024 at 07:21AM Microsoft has unveiled PyRIT, an open-access automation framework, to proactively identify risks in generative AI systems. The tool aims to assess robustness, security, and privacy harms, offering various interfaces and scoring options. Though it complements manual red teaming, it highlights risk areas and prompts further investigation. This development coincides with … Read more

Microsoft Releases Red Teaming Tool for Generative AI

February 23, 2024 at 05:21AM Microsoft has introduced PyRIT, an open access red teaming tool created to aid security professionals and ML engineers in identifying risks associated with generative AI. The tool automates tasks, enhances audit efficiency, and addresses the unique challenges of red teaming generative AI. It offers control over strategy and execution, supports … Read more