CTI Roundup: Threat Actors Use Sliver C2 Framework
Sliver’s growing popularity as an open-source C2 framework, Emotet’s comeback and new evasion techniques, and how Chinese hackers exploited a Fortinet flaw using a 0-Day.
If a counterparty holds custody of your crypto or digital assets, there is no replacement for due diligence in terms of risk management, security controls, and operational processes. This is why it’s critical to design crypto operations workflows that mitigate exposure to your counterparties and minimize business continuity risks. For a quick introduction to counterparty risk and how to identify your counterparties, take a look here.
Day-to-day crypto and digital asset operations are among the most important and business-critical functions for any company working with digital assets – whether you’re a fintech, web3 company, bank or OTC desk. A well-executed crypto operation is one where you have 24/7 access to funds, and can be sure assets are secure at all times, whether they’re in storage or in motion.
Confused about the difference between a web application firewall (WAF) and a web application and API protection platform (WAAP)? Curious how intelligent a next-gen “intelligent WAF” really is? Wondering whether you need dedicated API security if you have a WAAP? Can you really trust a WAAP to secure your critical data and services? In a session from the Salt Security API Security Summit, Mike Rothman, Techstrong Research, stated.
Even if you’ve been living under a super-sized rock for the last few months, you’ve probably heard of ChatGPT. It’s an AI-powered chatbot and it’s impressive. It’s performing better on exams than MBA students. It can debug code and write software. It can write social media posts and emails. Users around the globe are clearly finding it compelling. And the repercussions – good and bad – have the potential to be monumental.
The term “internal threat” refers to the risk that somebody from inside a company could exploit a system to cause damage or steal data. Internal threats are particularly troubling, as employees may abuse extended privileges, leading to massive losses for the organization. One infamous case is that of an ex-Google employee who was charged with theft of trade secrets from Google for the ride-hailing start-up Uber.
Corelight Investigator furthers its commitment to delivering next-level analytics through the expansion of its machine learning models. Security teams are now enabled with additional supervised and deep learning models, including: We continue to provide complete transparency behind our evidence -- showing the logic behind our machine learning models and detections, allowing analysts to quickly and easily validate the alerts.
Hello everyone! I’m Yuval Adler, Customer Success Director at Zenity. I’m inviting you to read my blog series where I share new Microsoft Power Platform DLP Bypass findings we uncovered.
The OWASP API Top 10 is a list of common vulnerabilities found in APIs. OWASP created it as a resource for developers, testers, and security professionals to help them understand how to protect against API threats. Many people think that APIs are just another type of web application, but they're not; they have their own set of risks and challenges that need to be addressed. A simple API call can result in a data breach that could have lasting consequences for your business.