Category: Security

July 13, 2023

If you practice good digital hygiene, you’re likely installing Windows updates soon after their release date, especially when they’re security-focused. However, hackers are constantly poking and prodding the security of Microsoft’s operating system and devising new ways to bypass any […]

July 12, 2023

Data anonymization is a technique used to protect sensitive or private information by removing or masking any personal identification information that can be used to identify an individual. Yash Mehta of Expersight shares data anonymization tools and use cases that […]

July 11, 2023

A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. “Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious […]

July 3, 2023

A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems. Cybersecurity firm Check Point said the activity, dubbed SmugX, has been […]

June 30, 2023

The latest alert from the US Cybersecurity & Infrastructure Security Agency (CISA), a Department of Homeland Security agency that deals with cybersecurity and critical infrastructure security, provides an update on the top 25 most dangerous security weaknesses in software products. […]

June 30, 2023

In today’s fast-paced digital landscape, the widespread adoption of AI (Artificial Intelligence) tools is transforming the way organizations operate. From chatbots to generative AI models, these SaaS-based applications offer numerous benefits, from enhanced productivity to improved decision-making. Employees using AI […]

June 29, 2023

When building .NET Core applications, we often make use of various “secrets” such as client IDs, access tokens, passwords, certificates, encryption keys, and API keys. Naturally, we need a secure way to store, manage, and control access to this sensitive […]

June 19, 2023

A ransomware group is claiming responsibility for a hack on Reddit’s systems earlier this year — and demanding not just money but policy changes. BlackCat, a ransomware group, says it was behind the February phishing attack on Reddit, as previously […]

June 15, 2023

Ransomware actors and cryptocurrency scammers have joined nation-state actors in abusing cloud mining services to launder digital assets, new findings reveal. “Cryptocurrency mining is a crucial part of our industry, but it also holds special appeal to bad actors, as […]

June 14, 2023

Published by the National Institute of Standards and Technology (NIST), the so-called Secure Software Development Framework (SSDF) is a “special publication” (800-218) containing recommendations for mitigating the risk of software security flaws. Created in the wake of the infamous SolarWinds […]

June 14, 2023

For the better part of the 90s and early aughts, the sysadmin handbook said, “Filter your incoming traffic, not everyone is nice out there” (later coined by Gandalf as “You shall not pass”). So CIOs started to supercharge their network […]

June 13, 2023

Although I’m swearing off studies as blog fodder, it did come to my attention that Vulcan Cyber’s Voyager18 research team recently issued an advisory validating that generative AI, such as ChatGPT, would be turned into a weapon quickly, ready to […]

June 9, 2023

Google is working on a sizable security update that’ll introduce a total of seven new features to Chrome for desktop and iOS. Four of those features are currently making their way to desktop users, and they all involve the company’s […]

June 8, 2023

As more organizations move toward the adoption of generative AI, Google wants us all to be more concerned about security. To that end, on Thursday the tech giant released its Secure AI Framework (SAIF), meant to be a sort of […]

June 8, 2023

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as […]

June 2, 2023

Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, […]

May 31, 2023

In an age where we’re carrying around Android phones, capable enough to rival the computers of yesteryear, cybercrime is bound to be a thing. To give you an idea of how big of a thing it is: the BlackBerry Global […]

May 31, 2023

A team of security researchers at Georgia Tech, the University of Michigan and Ruhr University Bochum in Germany has reported a new form of side-channel attack that capitalizes on power and speed management methods used by graphics processing units and […]

May 30, 2023

Cybersecurity researchers are warning about CAPTCHA-breaking services that are being offered for sale to bypass systems designed to distinguish legitimate users from bot traffic. “Because cybercriminals are keen on breaking CAPTCHAs accurately, several services that are primarily geared toward this […]

May 26, 2023

5G is a game changer for mobile connectivity, including mobile connectivity to the cloud. The technology provides high speed and low latency when connecting smartphones and IoT devices to cloud infrastructure. 5G networks are a critical part of all infrastructure […]