
February 2024

Back to the Basics: Security Must-Haves for 2024, Part II

There is a tendency to be overwhelmed with the sheer volume of work that must be done in IT and security. While the experts debate on whether it is difficult or easy to do the work required, we’re focusing on the basics here. There are several components that need to be addressed, but none should be overwhelming. Remember, these are the basics of having a security posture that is defensible to your customers and regulatory bodies.

Do you still need antivirus protection for Windows in 2024?

The question of whether you need antivirus (AV) for Windows devices is always up for debate. The advancements and new technology have made the operating system (OS) more secure and reliable. Nevertheless, the effectiveness and lethality of cyber threats have increased as well. And every year, millions of Windows users fall victim to various digital perils.

Xalient achieves ISO 27001:2022 Recertification

In a significant achievement, we are thrilled to announce our successful transition to the ISO 27001:2022 standard whilst also undergoing recertification. This recertification is the pinnacle of Information Security Management. The recognition by BSI in December 2023, with auditors acknowledging our commitment as “up there with the best of them,” underscores our dedication to providing the highest level of service to our customers.

Every business leader should find their tractor

It’s easy for leaders to get swept up in the fast-paced and always-on nature of our jobs, leaving little opportunity for downtime. My mind races far too much, so it’s become important to find activities to engage in regularly that take me away from Zoom and Slack, and give me perspective.

Cato XDR Storyteller - Integrating Generative AI with XDR to Explain Complex Security Incidents

Generative AI (à la OpenAI’s GPT and the likes) is a powerful tool for summarizing information, transformations of text, transformation of code, all while doing so using its highly specialized ability to “speak” in a natural human language. While working with GPT APIs on several engineering projects, an interesting idea came up in brainstorming: how well would it work when asked to describe information provided in raw JSON in natural language?

LimaCharlie Lands $10.2 Million Series A Funding to Transform Security Operations

COVINA, Calif - Feb. 8, 2024 - LimaCharlie, the creator of the first-ever Security Operations (SecOps) Cloud Platform, today celebrates a $10.2 million Series A investment round led by Sands Capital with follow-on from new and previous investors, including Lytical Ventures, CoFound Partners, Long Journey Ventures, Myriad Venture Partners, StoneMill Ventures, and Strategic Cyber Ventures.

A Look Back at Payment Fraud Trends of 2023

2023 repeated some familiar payment fraud trends from 2022. There were some shifts in the prevalence of different fraud types, according to data from Verifi. The persistence of phishing remains at the forefront, posing significant challenges for businesses and consumers. Notably, friendly fraud became the second most prevalent fraud seen in 2023.

SBOM as a Core Element in Sysdig's CNAPP Strategy for Enhanced Security

In the fast-paced world of application development, the use of open source components offers a quick path to building sophisticated applications. However, this approach introduces critical questions about software composition, licensing, and security. Before pushing any new application to production or even staging, the security and compliance teams alongside the application owner must address the following: This is where the importance of a Software Bill of Materials (SBOM) becomes clear.

Exploitation of Confluence Server Vulnerability CVE-2023-22527 Leading to C3RB3R Ransomware

On January 4, 2024, Atlassian disclosed CVE-2023-22527, a template injection vulnerability affecting Confluence Data Center and Server versions 8.0.0 to 8.5.3. The vulnerability allows for unauthenticated remote code execution to be achieved on affected versions of the software. Arctic Wolf Labs has observed evidence of C3RB3R ransomware, as well as several other malicious payloads, being deployed following exploitation of CVE-2023-22527. We present our preliminary findings here.

Unprecedented Rise of Malvertising as a Precursor to Ransomware

Cybercriminals increasingly used malvertising to gain initial access to victims’ networks in 2023, according to Malwarebytes’s latest State of Malware report. The researchers note that the Royal ransomware group has been using phony ads for TeamViewer to deliver malware as a precursor to its ransomware attacks.