Security Operations Center (SOC) analysts have it rough. Modern security tools generate an extraordinary number of alerts, attackers are more sophisticated than ever, and IT infrastructures are unprecedentedly complex. As a result, analysts are overwhelmed with workload and alerts, making it near-impossible to make intelligent, informed decisions. Fortunately, artificial intelligence (AI) is helping to ease the strain. Let’s look at how.

More than ever, business growth is reliant on proving security and compliance. According to Vanta’s State of Trust Report, nearly two-thirds (65%) of organizations say that customers, investors, and buyers require proof of compliance. ‍ GRC and security teams are on the frontlines managing these requests. Yet these teams are too often under-resourced and burdened with processes and systems that waste their time.

Knowing who has credentials, how those credentials are granted, and how they are being used is the foundation of any secure environment. It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to establishing a secure environment, and this includes service accounts.

FunkSec ransomware threatens victims globally, malvertising scam targets Google Ads users, and threat actors use fake software and installers to push malware.

As cyber attacks grow in sophistication, traditional security models become more vulnerable, prompting many organizations to adopt zero-trust security. The main difference between traditional and zero-trust security models is how they approach access control. Traditional security models assume trust for users inside their networks, whereas zero-trust security verifies every user and device by default, requiring continuous authentication.

Researchers at Malwarebytes are tracking a major malvertising campaign that’s abusing Google Ads to target individuals and businesses interested in advertising. The threat actors are using compromised Google Ads accounts to run ads that impersonate Google, leading victims to a fake Google login page designed to steal their credentials.

Developers need to prevent credentials from being exposed while working on the command line. Learn how you might be at risk and what tools and methods to help you work more safely.

The Russian threat actor “Star Blizzard” has launched a spear-phishing campaign attempting to compromise WhatsApp accounts, according to researchers at Microsoft. The operation targets individuals who are involved in providing assistance to Ukraine.

Among the most important aspects of building a new digital economy are protecting sensitive digital "boxes" of data, which takes a special kind of work to do well. Cyber security managed services have emerged as a practical solution to this issue, equipped with comprehensive defense mechanisms with professionals' strategies and the latest technologies. Threats evolve, and businesses cannot rely on old security methods anymore.

Recently, I looked at Microsoft’s assigned CVSS v3.1 scores for Patch Tuesday vulnerabilities alongside the Microsoft assigned severity ratings. I wanted to revisit these numbers and see just how closely CVSS aligns with Microsoft’s opinion of severity. Disclaimer: I’m aware that CVSS v4.0 exists. However, Microsoft has not yet adopted it, and I wanted an apples-to-apples comparison.