In this episode of Trust Issues, CyberArk’s resident Technical Evangelist, White Hat Hacker and Transhuman Len Noe joins host David Puner for a discussion about the emerging threat of AI kiddies, a term that describes novice attackers using large language models (LLMs) and chatbots to launch cyberattacks without any coding skills.

On December 26, 2023, the Office of Information and Regulatory Affairs (OIRA) released the 234-page Cybersecurity Maturity Model Certification (CMMC) proposed rule. This kicked off a 60-day public request for comments. The final rule is expected to be released in early March 2024, and some industry experts expect it to go into effect as late as Q1 of 2025.. This kicked off a 60-day public request for comments.

Cybersecurity's overarching purpose is to better protect an organization against cyber events. However, especially in the corporate setting, it's not enough for chief information security officers (CISOs) to say they've implemented a patch or a firewall and, therefore, their systems are "more" secure. Not only is the result’s description vague, but it also offers very little insight into its ROI. ‍

Public cloud infrastructure is, by now, the default approach to both spinning up a new venture from scratch and rapidly scaling your business. From a security perspective, this is a brand new (well, by now more than a decade old) attack surface. “Attack surface” is a commonly used term that denotes the aggregate of your exploitable IT estate, or all of the different pathways a hacker might be able to use to gain access to your systems, steal your data, or otherwise harm your business.

Generative AI and large language models (LLMs) are revolutionizing natural language processing (NLP), offering enhanced conversational AI experiences for customer service and boosting productivity. To meet enterprise needs, it’s important to ensure the responses that are generated are accurate as well as respect the permissions model associated with the underlying content.

We’re excited to announce that Riscosity has successfully completed its SOC 2 Type II audit. This is a big effort for any organization, and it shows our commitment to protecting our customers’ sensitive data.

Setting and enforcing a policy for strong passwords should be a top priority for organizations in their cyber hygiene practice. Best practices and recommendations keep being updated since this issue is so critical for attack prevention. In fact, compromised passwords are responsible for 81% of successful attacks.

In today's fast-paced business environment, the ever-evolving landscape of technology empowers employees with unprecedented flexibility and agility. While this fosters innovation and productivity, it also presents a lurking challenge—Shadow IT. This term encapsulates the use of unauthorized software, applications, or devices within an organization, posing substantial cybersecurity risks and operational hurdles.

Read also: Sanctions used for the first time for a Russian cybercriminal, Trickbot member gets a 5-year prison sentence, and more.

If you’re using GKE (Google Kubernetes Engine), you should be extremely cautious when adding roles to the system:authenticated group because anyone with a Gmail account can access your cluster.