Nexx is a home security company that specializes in internet-connected security devices such as alarms, garage door openers, cameras, plugs, and more. The company works to make homes safer and to help with home automation goals. Unfortunately, it appears that Nexx products are vulnerable to some major security issues, and it doesn't appear that the company is actively working to fix the issues.

Password security plays a fundamental role in Identity and Access Management (IAM). The easiest way for cybercriminals to breach an enterprise network is to obtain a set of legitimate login credentials. This allows them to bypass firewalls, intrusion detection systems and other technical security solutions. Once inside, they can remain undetected for extended periods of time.

When researching which managed detection and response (MDR) service provider to partner with, security professionals would do well to consider whether the provider also has experience with threat hunting, a topic we covered in a previous post. As with MDR, however, threat hunting offerings can vary dramatically, and an innovative, human-led form promises significant gains in terms of cyber protection: advanced continual threat hunting.

The use of Amazon Web Services (AWS) in organizations around the world is prolific. The platform accounted for 31% of total cloud infrastructure services spend in Q2 2022, growing by 33% annually. Despite its widespread use, many organizations still fail to consider the nuances of incident response in AWS.

The attack surface is bigger than ever before, and it’s only going to keep growing. As the hybrid work model puts endpoints in employee homes, IoT devices grow in number and complexity, and the very definition of endpoint itself evolves, the task of seeing into and securing all endpoints in an organization’s environment has grown into a colossal task for already overworked and overtaxed IT teams.

ChatGPT may not be used by all organizations and may even be banned. But that doesn't mean you don't have exposure to the security risks it contains. This post looks at why ChatGPT should be part of your threat landscape.

This is the second blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. There are several issues implied in the PCI DSS Standard and its associated Report on Compliance which are rarely addressed in practice. This occurs frequently on penetration and vulnerability test reports that I’ve had to assess.

Remember The Sims? Well Stanford created a small virtual world with 25 ChatGPT-powered "people". The simulation ran for 2 days and showed that AI-powered bots can interact in a very human-like way. They planned a party, coordinated the event, and attended the party within the sim. A summary of it can be found on the Cornell University website. That page also has a download link for a PDF of the entire paper (via Reddit).

The demand for technology that can support secure user access, both remote and onsite, has expanded beyond IT environments to include the operational technology (OT) and industrial control systems (ICS) that enable organizations in a variety of critical infrastructure (CI) sectors to function. However, the priorities of IT environments (i.e., the confidentiality, integrity, and availability of data).

It’s not news that organizations’ networks are increasing in complexity. The rise of hybrid work, the proliferation of the cloud, and the increased use of IoT devices has pushed networks far outside the server room — and even the four walls of the office — into a digital-first realm. While these changes have increased efficiency, scalability, and how operations work in the modern age, they’ve also created new avenues for cybercriminals to launch an attack.