
Empowering businesses with Elastic Security at Airtel

In the ever-evolving landscape of digital business, security is paramount. As businesses navigate the complexities of today's interconnected world, ensuring the safety of sensitive data and maintaining the integrity of operations becomes a top priority. Partner with Airtel, a trusted leader in telecommunications, and explore the cutting-edge Airtel Managed Security Services, fortified by the robust Elastic Security stack.

Unlocking admin privileges via application-wide XSS delivery

During a recent customer assessment, our pen testers discovered a critical vulnerability that exemplifies the importance of manual and continuous pen testing. The issue involved a feature intended for administrators, allowing them to send messages to a “broadcast” endpoint, which would then be displayed in a modal pop-up box for all logged-in users of the web application. However, our pen testers found that this functionality was accessible to any user, regardless of their role.

Microsoft Azure for Beginners: Best Practices for deploying your IaaS VM on Azure : Part 32

The first step in Azure is often to deploy virtual machines. Deploying IaaS resources in Azure requires the right approach to ensure they are optimally functional and secure. This blog post covers the essential best practices to consider when deploying IaaS resources in Azure.

Understanding Broken Authentication

With authentication, you can face serious consequences if you follow the old motto, “if it ain’t broke, don’t fix it.” From applications to APIs, authentication tells you whether the person or technology accessing a resource is legitimate. In 2017, the Open Worldwide Application Security Project (OWASP) identified broken authentication as #2 on its list of Top 10 application security threats.

Add To Chrome? - Part 4: Threat Hunting in 3-Dimensions: M-ATH in the Chrome Web Store

Welcome to the final installment in our “Add to Chrome?” research! In this post, we'll experiment with a method to find masquerading or suspicious clusters of Chrome extensions using Model-Assisted Threat Hunting (M-ATH) with Splunk and the Data Science & Deep Learning (DSDL) App. M-ATH is a SURGe-developed method from the PEAK framework, which uses models or algorithms to help find threat-hunting leads, or to help make complex problems more approachable.

Password Entropy: What It Is and Why It's Important

Password entropy is a measurement of how difficult it would be for a cybercriminal to crack or successfully guess your password. The calculation takes into account how long your password is and the variety of characters you’re using. Character variations include the use of uppercase and lowercase letters, numbers and symbols. Continue reading to learn more about the importance of password entropy and how you can calculate it using the password entropy formula.

Defensive AI: Cloudflare's framework for defending against next-gen threats

Generative AI has captured the imagination of the world by being able to produce poetry, screenplays, or imagery. These tools can be used to improve human productivity for good causes, but they can also be employed by malicious actors to carry out sophisticated attacks. We are witnessing phishing attacks and social engineering becoming more sophisticated as attackers tap into powerful new tools to generate credible content or interact with humans as if it was a real person.

Changing the industry with CISA's Secure by Design principles

The United States Cybersecurity and Infrastructure Agency (CISA) and seventeen international partners are helping shape best practices for the technology industry with their ‘Secure by Design’ principles. The aim is to encourage software manufacturers to not only make security an integral part of their products’ development, but to also design products with strong security capabilities that are configured by default.