At the end of every year, the Trustwave content team asks its in-house experts what cybersecurity topics they predict will be top of mind in the coming 12 months, and inevitably the top answer is more ransomware. Instead of waiting an extra couple of months, we thought why not get ahead of the curve, pretend that ransomware will again be an issue, because it will, and proceed to the part of the story where we go through the problem and mitigation methods.

In this article, we discuss how admins can programmatically access Spotlight using a utility called osquery, and we demonstrate useful queries you can run to find evidence of compromise in your organization.

This is a burning issue that must be considered by all organizations striving to decrease their cybersecurity vulnerabilities. Keep reading to get familiar with the risks of GenAI utilized for email attacks and how advanced implementations can counterpose malicious activities.

In this blog, we summarize the results of a fall 2022 survey of IT, helpdesk, and security professionals about how their companies protect sensitive data.

Enterprise applications, whether on-premise or in the cloud, access LLMs via APIs hosted in public clouds. These applications might be used for content generation, summarization, data analysis, or a plethora of other tasks. Riscosity’s data flow posture management platform protects sensitive data that would otherwise be accessible to LLM integrations.

Passwordless authentication for end users is taking the world by storm, offering organizations and individuals alike unprecedented security, user experience, and efficiency benefits. By all indications, the next generation of authentication for end users has finally arrived, sending the password the way of the dodo. Although they don’t get anywhere near the same hype, advanced authentication strategies for APIs are as critical as passwordless authentication for end-users.

Security reviews are a critical step in the buying process where prospects assess your organization’s security posture and evaluate the risks associated with your business. The process typically occurs just before a deal is signed and sealed—when the stakes are especially high. ‍ Anyone who’s been involved in a security review before knows all too well how time-consuming, clunky, and manual the process can be.

The main difference between an attack vector and an attack surface is that an attack vector is the specific way a cybercriminal can take advantage of an entry point, whereas an attack surface is the total number of entry points that a cybercriminal could potentially exploit.

The CREST Cyber Security Incident Response (CSIR) accreditation is an esteemed certification designed to assure that an organisation has the necessary processes, skills, and capabilities to support clients in mitigating, responding to, and recovering from cyber incidents. CREST, a globally recognised accreditation body, sets the benchmark for high standards in cyber security, ensuring that accredited companies deliver excellence in every facet of cyber response services.

Modern software development teams will have individual preferences about whether to use IDEs or which testing framework or coding convention to adopt. However, for teams that want to deliver high-quality software at a rapid pace, continuous integration and continuous delivery (CI/CD) is a must-have. Mature, high-performing dev teams lean heavily on their CI/CD pipeline. Because of this heavy dependence on CI/CD, ensuring the security of your CI/CD pipeline is incredibly important.