Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. The group was first spotted by the Unit 42 Team at Palo Alto Networks earlier this year. Since February, the group has launched multiple attacks based on their latest ransomware campaign labeled Buhti.

It is fair to say that few technologies have grabbed more news headlines in 2023 than ChatGPT. As an artificial intelligence (AI) language model, ChatGPT is a powerful tool that has the potential to revolutionize multiple business areas, including, but not limited to, marketing, operations, engineering, risk management, legal and employee optimization.

The cyber insurance market has matured rapidly over the past two years in the face of ever-evolving risk. Factors such as increased ransomware activity, ballooned claims frequency and loss severity, coupled with soaring market demand have brought us to what is referred to as the “second wave” of cyber insurance — a revolution in the way businesses are evaluated, underwritten and protected.

Less than six months ago, artificial intelligence (AI) was largely considered to be in its infancy and primarily used for niche applications, like editing photos and keeping your home at a comfortable temperature. But that’s all changed. Since OpenAI introduced GPT-3.5 in November 2022, the possibilities of generative AI have come to dominate the popular imagination.

Elon Musk's ascension isn't the first thing to cause waves of scams on Twitter, and it certainly won't be the last. On July 20th of 2022, data belonging to over 5 million Twitter users was put up for sale on the internet underground for $30,000. The FTC reported that we've experienced a recent "gold mine for scammers" and the April bump to a 10,000-character limit (for Twitter Blue) only makes things more interesting.

At the turn of the most recent century, the financial world was in a moment of unregulated growth, which lead to some serious corporate misdeeds in the United States. This presented the opportunity for two senators to enact a new law to ensure accurate and reliable financial reporting for public companies in the US. The result was the Sarbanes-Oxley Act (SOX) of 2002. But what does financial reporting have to do with cybersecurity and IT compliance?

In March 2022, the U.S. Securities and Exchange Commission (SEC) issued a proposed rule, the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, that, if adopted, would require companies to disclose their cybersecurity governance capabilities and the role of the board concerning oversight of cyber risk.

NTLM V1 and V2, and Kerberos are three authentication protocols. These protocols aim to enhance security, especially in the Active Directory environment. Authentication protocols are popular attack vectors. They can help attackers gain access and elevate privileges. It is important to choose the relevant and most secured protocol for your environments and configure it properly. The most veteran protocol among the three is NTLMv1.

Do not allow COM port redirection in RDP is the name of a security setting stated in Windows servers CIS benchmarks/STIGs. A COM port is an I/O interface that enables the connection of a serial device to a computer. In some cases COM ports are called “serial ports”. Most computers are not equipped with COM ports anymore but there are many serial port devices still used in computer networks.

Google’s recent introduction of ZIP top-level domain (TLD) addresses, although well intentioned has ignited a heated debate surrounding the potential cybersecurity risks associated with these domains. On the one hand, the move could make it easier for users to share and download files. For example, a website with the domain name “myfiles.zip” would be easier to remember than a long, complex string of numbers and letters.