October 11, 2024 at 07:49PM Organizations are increasingly seeking candidates with machine learning and large language model skills for cybersecurity roles, as highlighted in ISACA’s 2024 report. Key skill gaps include LLM SecOps, ML SecOps, cloud computing, and security controls implementation, while soft skills remain the most commonly identified gap among cybersecurity professionals. ### Meeting … Read more
September 27, 2024 at 02:01PM Microsoft has upgraded its AI-powered Windows Recall feature to enhance security and privacy. The feature, always opt-in, encrypts and filters sensitive content. It now offers stronger default protection for user data, isolation of services, and intentional use, assuring users complete control over their data. Recall will be available for preview … Read more
September 23, 2024 at 10:08AM Summary: Data resilience, a critical aspect of cybersecurity, focuses on securing an organization’s sensitive data assets. The process requires data discovery, classification, and securing sensitive data stores. Research conducted by Enterprise Strategy Group highlights the importance of stakeholder alignment, project planning, and securing executive support for successful implementation of Data … Read more
August 29, 2024 at 07:48AM Attackers are increasingly using new phishing toolkits, like adversary-in-the-middle (AitM), which lets them bypass traditional prevention controls. AitM phishing uses dedicated tooling to act as a proxy between the target and a legitimate login portal for an application, enabling attackers to steal live sessions. AitM toolkits employ reverse web proxies … Read more
August 26, 2024 at 10:04AM Cybersecurity defense requires multiple layers to mitigate risks and ensure protection. Key elements include file integrity monitoring, change detection, and a robust change management program. These are essential to thwart threat actors’ attempts and minimize risks by detecting and responding to changes promptly. Employee education and support are crucial for … Read more
July 24, 2024 at 10:24AM Register for mWISE™, a cybersecurity conference by Mandiant, now part of Google Cloud, in Denver on September 18-19, 2024. The session catalog is available, featuring nine content tracks. Highlights include new tracks on AI and cybersecurity, and a Next Gen CISO track. Register by August 12 to save $300. Sponsored … Read more
June 5, 2024 at 02:48AM A vulnerability in Microsoft’s Azure cloud allows potential access to other users’ private web resources. The issue stems from Service Tags, potentially allowing cross-tenant attacks. Despite Microsoft’s initial refusal to classify it as a vulnerability, it confirmed the flaw and offered a bug bounty. Subsequently, Microsoft decided to address the … Read more
June 4, 2024 at 08:09AM Malware creators are increasingly using legitimate packer apps like BoxedApp to evade detection, with a surge in usage over the past year. This has been observed especially in remote access trojans and ransomware. BoxedApp offers features that make it harder for security systems to detect malware, resulting in a high … Read more
April 19, 2024 at 07:48AM Attackers are increasingly targeting cloud apps and identities without requiring access to traditional networks. With the shift to SaaS adoption, interconnectedness and complexity of digital identities are vulnerable. Security controls for cloud identities are limited, leading to a rise in attacks. Techniques like AiTM phishing, IM phishing, SAMLjacking, Oktajacking, and … Read more
April 10, 2024 at 03:56PM Google has launched Chrome Enterprise Premium, an enhanced browser for organizations that offers extended security controls for a monthly fee per user. This upgrade from Chrome Enterprise Core provides increased threat and data protection, control options, and reporting capabilities. Users report significant and immediate benefits in improved security and risk … Read more