
Latest News

Lessons learned from the Google trade secret theft indictment

On Wednesday, March 6th, 2024, the US Attorney’s Office of Northern California announced that a federal grand jury had indicted Linwei Ding on four counts of trade secrets theft. Ding was arrested in Newark, California and now faces up to 10 years in prison and a fine of $250,000. We did a deep dive into the indictment to understand what happened and help security leaders and practitioners apply lessons to their own information security practice. Read on to learn more!

IoT Penetration Testing: How to Perform Pentesting on a Connected Device

IoT pentesting, also known as IoT penetration testing, is a process of assessing the security vulnerabilities of IoT devices and networks. The purpose of IoT pentesting is to identify weaknesses in the system that could be exploited by attackers and to suggest remediation measures to enhance the overall security of the IoT infrastructure. The process of conducting a successful IoT penetration test involves several steps.

The 5 Phases of Penetration Testing

Penetration testing, also known as pen testing, is a method of evaluating the security of computer systems and networks by simulating an attack. It helps identify vulnerabilities and security flaws to mitigate potential risks. The article "Learn About the Five Penetration Testing Phases" discusses the five phases involved in a penetration testing process.

SnowFROC 2024: Securing The Future With OWASP Community In Denver

Denver, Colorado, is home to beautiful mountain views and an airport with an interesting Wikipedia page. You might know it as home to multiple sports teams or as the Mile High City (1.34 KM High City) due to its famous elevation. Or you might know it as the home of the Great American Beer Festival.

Prevent security drift with Nightfall SaaS Security Posture Management (SSPM)

In order to prevent worst-case data leak and data loss scenarios, security teams need to have both proactive and reactive measures in place. Let’s explore this further with an example. Imagine your sensitive data as valuables within a house. There are multiple ways to secure that house, including the following. To put this example into practice, security teams would need to: The first and last of these bullet points fall under the umbrella of SaaS Security Posture Management, or SSPM.

From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites

Netskope Threat Labs has observed an evasive Azorult campaign in the wild that employs multiple defense evasion techniques from delivery through execution to fly under the defender’s radar as it steals sensitive data. Azorult is an information stealer first discovered in 2016 that steals sensitive information including user credentials, browser information, and crypto wallet data.

Advantages of Private LLMs - A Data Protection Perspective

In the busy domain of artificial intelligence (AI), the emergence of private Large Language Models (LLMs) marks a pivotal development in addressing the escalating concerns surrounding data protection. As organizations harness the power of AI to glean insights and streamline operations, the need for safeguarding sensitive information has become more pronounced than ever.

What is Attribute-Based Access Control or ABAC?

One of the biggest issues facing government and industry is how to securely share sensitive and classified information. While information sharing and collaboration have tremendous benefits for productivity and service outcomes, they do come with risks. A dynamic, data-centric approach is key to securing sensitive information and achieving compliance.

Sophos: Over 75% of Cyber Incidents Target Small Businesses

New analysis of incident data shows threat actors are evolving their attack techniques to take advantage of budget- and resource-strapped small businesses. We’ve seen industry data showing that cybercriminals have been slowly creeping downward from solely going after enterprises to targeting the SMB.

If Social Engineering Accounts for up to 90% of Attacks, Why Is It Ignored?

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close. This is not a recent development. Social engineering has been the number one type of attack since the beginning of networked computers. Despite this long-time fact, most organizations do not spend 3% of their IT/IT Security budget to fight it.