Recent high-profile data breaches attributed to SolarWinds, Log4j, MOVEit, and more have demonstrated that the world still lacks a standard framework to measure cyber risk. Cybercriminals continue to exploit the trusted relationships between companies and their third-party suppliers and vendors, resulting in damaging attacks.

Organizations worldwide rely on the MITRE ATT&CK framework as a critical resource for defending against cyberattacks. The MITRE ATT&CK framework is also a key tool for advancing threat research in the cybersecurity industry. However, one of the challenges in using the MITRE ATT&CK framework is mapping the output from logs, sensors and other tools as ATT&CK data sources in the framework.

In a digital age fraught with cyber threats, the recent breach of NATO military infrastructures has sent shockwaves through the global security community. Hackers, purportedly associated with the alias Aaron Bushnell, have claimed responsibility for this nefarious act. This blog delves into the details of the breach, its implications, and the steps necessary to fortify our defenses against such cyber assaults.

Nearly one third of all data breaches are caused by insiders. While you might immediately think of malicious insiders, like disgruntled or departing employees, insider risk can take numerous forms, including: From these examples alone, it’s easy to see just how prevalent insider risk really is. Whether it’s intentional or unintentional, insider risks often have the same consequences as external risks, including data leaks, data loss, noncompliance, and more.

Online shopping is the norm nowadays, which means you will likely face new threats, including brushing scams. Brushing scams are a form of e-commerce fraud where sellers create fake orders to boost product ratings and visibility on e-commerce platforms. While this might seem harmless at first glance, brushing scams can have severe consequences for unsuspecting consumers.

Scammers are impersonating job-seeking platform Dice with phony employment opportunities designed to steal victims’ information. “This week, Dice received reports that individuals are receiving messages from senders claiming to be Dice recruiters on various messaging apps,” the company says.

Do not forget, AI-enabled technologies, like KnowBe4’s Artificial Intelligence Defense Agents (AIDA), will make defenses increasingly better. I get asked a lot to comment on AI, usually from people who wonder, or are even a bit scared, about how AI can be used to hurt them and others. It is certainly a top topic everyone in the cybersecurity world is wondering about. One of the key questions I get is: How much worse will AI make cybercrime? The quick answer is: No one knows.

As cybercriminals leverage tools like generative AI, making attacks easier to execute and with a higher degree of success, phishing attacks continues to increase in frequency. I’ve been covering the cybercrime economy’s use of AI since it started. I’ve pointed out the simple misuse of ChatGPT when it launched, the creation of AI-based cybercrime platforms like FraudGPT, and how today’s cybercriminal can basically create foolproof malicious content.

While the rise of ChatGPT and other AI chatbots has been hailed as a business game-changer, it is increasingly being seen as a critical security issue. Previously, we outlined the challenges created by ChatGPT and other forms of AI. In this blog post, we look at the growing threat from AI-associated cyber-attacks and discuss new guidance from the National Institute of Standards and Technology (NIST).

Compliance in healthcare is a critical component to preserving the sanctity of modern society. Compliance in any industry ensures adherence to a minimum set of requirements to ensure quality of service; while undoubtedly important everywhere, it’s more so in healthcare due to its direct impact on human lives. For example, while financial compliance secures the safety of our funds, healthcare compliance ensures the safety of our personal selves.

Among other things, the OWASP organization delivers reports on the Top 10 most prevalent and important security risks for web-based software development. In 2019 they started reporting on the Top 10 API Security risks and refreshed that list in 2023. In this blog we describe how OPA/Styra can help with 9 of the 10 risks, and for each one we rate how impactful OPA/Styra is: Below we detail each of these 10 risks and briefly how to address them with OPA and Styra.

Imagine a site engineer visiting a construction site to inspect the progress of the project. Using his mobile device, the engineer captures images of specific areas that require attention, noting aspects like structural details, design modification, or areas that need immediate review and action. The engineer uploads the images into the project folder on Egnyte and shares it with the architect for quick feedback on the changes to be made.