Large language models are fascinating tools for cybersecurity. They can analyze large quantities of text and are excellent for data extraction. One application is researching and analyzing vulnerability data, specifically Common Vulnerabilities and Exposures (CVE) information. As an application security company with roots in open source software vulnerability detection and remediation, the research team at Mend.io found this a particularly relevant area of exploration.

Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim's files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs' tactics. Modern ransomware attacks often involve sophisticated techniques such as data exfiltration, where attackers steal sensitive information before encrypting it.

In this episode of Trust Issues, we dig into the recent the global IT outage caused by a CrowdStrike software update, which impacted millions of Microsoft Windows endpoints and disrupted many sectors. This “black swan” event highlights, among other things, the importance of preparedness, adaptability and robust crisis management.

What does Agile have to do with improving security? A lot! Explore highlights from Agile2024, including technical health, productive meetings, and addressing shadow IT.

In this blog post, Kelsey Sevening, Sr. Manager, Project Management at Tines shares what customers can expect when engaging with our professional services team to help them reach their goals faster. When it comes to investing in professional services, the quality of the experience can vary widely. While some customers might have exceptional experiences and others less so, most find themselves somewhere in the middle.

In the ever-evolving world of cybercrime, ransomware attacks continue to be a lucrative business for cybercriminals. The latest development comes from the Dark Angels ransomware group, who have reportedly secured a staggering $75 million ransom payment from an undisclosed victim. This eye-watering sum shatters the previous record of $40 million paid by insurance giant CNA Financial in 2021, setting a new and alarming benchmark in the ransomware landscape.

A significant vulnerability (CVE-2024-41110) was recently discovered in Docker Engine version 18.09.1.Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in regression. The vulnerability was assigned a CVSS score of 10 (critical).

Real-time feedback on risky behavior stops sensitive data exfiltration and educates employees on security best practices, based on research from Cyberhaven Labs analyzing data on warning and blocking policy implementations.

APIs are increasingly becoming the target of choice for attackers. According to the key findings stated in the 2024 Gartner Market Guide for API Protection, "APIs — especially shadow and dormant ones — are causing data breaches among organizations that, on average, exceed the magnitude of other breaches.

In today’s digital landscape, cyber threats are constantly evolving and becoming more sophisticated. Attackers are finding new ways to breach security defenses and exploit vulnerabilities. As technology advances, so do the tactics and techniques used by cybercriminals. Gone are the days when simple antivirus software and firewalls were enough to protect against cyber threats.