Latest News

How Does NIST's AI Risk Management Framework Affect You?

While the EU AI Act is poised to introduce binding legal requirements, there's another noteworthy player making waves—the National Institute of Standards and Technology's (NIST) AI Risk Management Framework (AI RMF), published in January 2023. This framework promises to reshape the future of responsible AI uniquely and voluntarily, setting it apart from traditional regulatory approaches. Let's delve into the transformative potential of the NIST AI RMF and its global implications.

QR Code Phishing - What Is It?

Phishing is a longstanding danger of the digital world that most people are aware of. Whether it happens via email, text message, social media, or any other means, phishing presents a risk to all users. In recent years, the growing popularity of QR codes for all manner of operations has created an environment ripe for cybercriminals to take advantage of.

CISO Advisory Board Response to The State of Data Security: Securing an Uncertain Future

Rubrik Zero Labs’ recent study accentuated several hard truths we think are important and warrant a response from Rubrik’s CISO Advisory Board. First, let’s confirm what many of us have already discussed: It’s not fun to be a CISO right now. There’s an overwhelming amount of expectation—from the board to business unit owners—to figure out how to grow and use data, but also keep it secure, and figure out what happens when it’s not.

The eCommerce Manager's Guide to Bot Protection

Are you an eCommerce Manager who keeps being asked about bot visitors by security and fraud teams? You’re not alone, as the issue of bot attacks such as scalping, scraping and account takeover crosses multiple business functions – everyone has their role in stopping bad bots. It’s time to up your bot knowledge and do your part in mitigating these attacks. Here’s what you need to know.

Wallarm to Unveil New API Security Solution and Strategic Shift at Black Hat Europe 2023

If you're involved with cybersecurity and are based in Europe, then Black Hat Europe 2023 in London, December 6 and 7, is a must-attend event. Wallarm, the experts in API and Application Security, will be attending the event, and we're excited to connect with you. If you are planning to attend, come by our booth or feel free to schedule a slot to meet with our API and App Security experts.

CVE-2023-41265, CVE-2023-41266 & CVE-2023-48365: Multiple Vulnerabilities in Qlik Sense Enterprise Actively Exploited

Arctic Wolf has recently worked multiple incident response cases where we have observed ransomware groups exploiting CVE-2023-41265, CVE-2023-41266 & CVE-2023-48365 to gain initial access. On August 29, 2023, Qlik published a support article detailing two vulnerabilities which, when successfully exploited in tandem, could lead to an unauthenticated threat actor achieving remote code execution (RCE). CVE-2023-41266.

Qlik Sense Exploited in Cactus Ransomware Campaign

Arctic Wolf Labs has observed a new Cactus ransomware campaign which exploits publicly-exposed installations of Qlik Sense, a cloud analytics and business intelligence platform.[1] Based on available evidence, we assess that all vulnerabilities exploited were previously identified by researchers from Praetorian [2,3]. For more information on these vulnerabilities, see the advisories published by Qlik (CVE-2023-41266, CVE-2023-41265, and CVE-2023-48365) as well as our Security Bulletin.

The CISO View: Navigating the Promise and Pitfalls of Cybersecurity Automation

Cybersecurity automation has steadily gained traction as organizations seek to improve efficiency, address talent gaps, and keep up with escalating threats. However, our latest State of Cybersecurity Automation research shows that while more businesses are utilizing automation, they continue to grapple with obstacles that prevent them from fully capitalizing on its benefits.

EP 40 - The Identity of Things

Today’s Trust Issues guest is Brian Contos, Chief Strategy Officer at Sevco Security. With host David Puner, Contos discusses the intricacies of securing the Internet of Things (IoT) and the challenges posed by the expanding IoT landscape – emphasizing the need for robust identity management. In a broader context, IoT encompasses identity management, cybersecurity and the evolving role of AI in safeguarding digital assets.