Category: Security Intelligence

The National Institute of Standards and Technology (NIST) closely observes the AI lifecycle, and for good reason. As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks generative…

Read more →

In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in…

Read more →

Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches…

Read more →

As generative AI goes mainstream, it highlights the increasing demand for AI cybersecurity professionals like Maria Pospelova. Pospelova is currently a senior data scientist, and data science team lead at OpenText Cybersecurity. She also worked at Interest, an AI cybersecurity…

Read more →

Data residency is a hot topic, especially for cloud data. The reason is multi-faceted, but the focus has been driven by the General Data Protection Regulation (GDPR), which governs information privacy in the European Union and the European Economic Area.…

Read more →

The rise of artificial intelligence (AI), large language models (LLM) and IoT solutions has created a new security landscape. From generative AI tools that can be taught to create malicious code to the exploitation of connected devices as a way…

Read more →

Brief – Back to Basics: For Better Security, Bank on Function Over Form The post Brief – Back to Basics: For Better Security, Bank on Function Over Form appeared first on Security Intelligence. This article has been indexed from Security…

Read more →

A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve…

Read more →

The rise of generative AI, including text-to-image, text-to-speech and large language models (LLMs), has significantly changed our work and personal lives. While these advancements offer many benefits, they have also presented new challenges and risks. Specifically, there has been an…

Read more →

“A data breach has just occurred”, is a phrase no security professional wants to hear. From the CISO on down to the SOC analysts, a data breach is the definition of a very bad day. It can cause serious brand…

Read more →

In recent months, we’ve seen government and business leaders put an increased focus on securing AI models. If generative AI is the next big platform to transform the services and functions on which society as a whole depends, ensuring that…

Read more →

When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code but without significant changes to the malware. However, the…

Read more →

Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that…

Read more →

Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector. The Digital Operational Resilience Act (DORA) is a…

Read more →

The cost of cyberattacks on software supply chains is a growing problem, with the average data breach costing $4.45 million in 2023. Since President Biden’s 2021 executive order, software bills of materials (SBOMs) have become a cornerstone in protecting supply…

Read more →

For years, chatbots have been a useful tool to help automate customer-facing applications. But what happens if the chatbot goes rogue? Recent reports have revealed that this may have happened to the Comcast / Xfinity chatbot. First, there were incidents…

Read more →

Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to…

Read more →

The hottest technology right now is AI — more specifically, generative AI. The trend is so popular that every conference and webinar speaker feels obligated to mention some form of AI, no matter their field. The innovations and risks that…

Read more →

Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure…

Read more →

From world events to the economy, 2023 was an unpredictable year. Cybersecurity didn’t stray far from this theme, delivering some unexpected twists. As organizations begin planning their security strategies for 2024, now is the time to look back on the…

Read more →

In the realm of cybersecurity, both information technology (IT) and operational technology (OT) present distinct challenges that organizations must navigate. Ensuring the security of these distinct domains is paramount to bolstering your overall cyber resilience. By following the best practices…

Read more →

For cybersecurity professionals, 2023 was a mixed bag of opportunities and concerns. The good news is that the number of people in cybersecurity jobs has reached its highest number ever: 5.5 million, according to the 2023 ISC2 Global Workforce Study.…

Read more →

As 2023 draws to a close, it’s time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal…

Read more →

From May 7 to 12, 2021, the massive Colonial Pipeline refined oil product delivery system ground to a halt. It was the victim of a DarkSide ransomware cyberattack. The Colonial Pipeline delivers about 45% of fuel for the East Coast,…

Read more →

Data protection has come a long way. In previous years, it was considered a “nice to have” and a line item on the budget further down the page. Today, it’s top of mind for almost every CIO or CISO across…

Read more →

Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In…

Read more →

As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with…

Read more →

Cloud computing has become an integral part of IT infrastructure for businesses of all sizes, providing on-demand access to a wide range of services and resources. The evolution of cloud computing has been driven by the need for more efficient,…

Read more →

On October 30, 2023, President Biden issued an executive order (EO) to set new standards for the safety and security of Artificial Intelligence (AI). The move sets out the government’s intentions to regulate and further advance the growth of AI…

Read more →

Being part of the Adversary Services team at IBM, it is important to keep your skills up to date and learn new things constantly. macOS security was one field where I decided to put more effort this year to further…

Read more →

For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to…

Read more →

Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm,…

Read more →

As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and…

Read more →

Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk.…

Read more →

In today’s quickly evolving cybersecurity landscape, organizations constantly seek the most effective ways to secure their digital assets. Penetration testing (pentesting) has emerged as a leading solution for identifying potential system vulnerabilities while closing security gaps that can lead to…

Read more →

Ransomware has been part of the cyber crime ecosystem since the late 1980s and remains a major threat in the cyber landscape today. Evolving ransomware attacks are becoming increasingly more sophisticated as threat actors leverage vulnerabilities, social engineering and insider…

Read more →

With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are – serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the…

Read more →

As businesses navigate the complexities of modern-day cybersecurity initiatives, data loss prevention (DLP) software is the frontline defense against potential data breaches and exfiltration. DLP solutions allow organizations to detect, react to and prevent data leakage or misuse of sensitive…

Read more →

One thing that came out of the pandemic years was a stronger push toward an organization-wide digital transformation. Working remotely forced companies to integrate digital technologies, ranging from cloud computing services to AI/ML, across business operations to allow workers to…

Read more →

The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored…

Read more →

Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82%…

Read more →

As the one-year anniversary of ChatGPT approaches, cybersecurity analysts are still exploring their options. One primary goal is to understand how generative AI can help solve security problems while also looking out for ways threat actors can use the technology.…

Read more →

In today’s rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they…

Read more →

Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved…

Read more →