Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Artificial intelligence is the hottest topic in tech today. AI algorithms are capable of breaking down massive amounts of data in the blink of an eye and have the potential to help us all lead healthier, happier lives. The power of machine learning means that AI-integrated telehealth services are on the rise, too. Almost every progressive provider today uses some amount of AI to track patients’ health data, schedule appointments, or automatically order medicine.

Since the onset of the pandemic in 2020, global concern for data security and privacy has skyrocketed like a dazzling display of fireworks on New Year’s Eve. With an ever-increasing number of people utilizing online services and sharing their personal information on websites to engage in e-commerce transactions, the infrastructure for collecting and safeguarding consumer data has become of paramount importance.

Ever since Pompompurin’s arrest and the shutdown of BreachedForums, threat actors have been looking for a new home to migrate and continue their cybercrime activities, especially the data leakage groups. Although Telegram has become one of the most popular platforms for the cybersecurity community, data leakage groups and other cybercrime sellers still need an underground forum to advertise their services and findings.

Microsoft has observed a thirty-eight percent increase in cybercrime-as-a-service (CaaS) offerings for launching business email compromise (BEC) attacks between 2019 and 2022. “Cybercriminal activity around business email compromise is accelerating,” the company said in a report. “Microsoft observes a significant trend in attackers’ use of platforms like BulletProftLink, a popular service for creating industrial-scale malicious email campaigns.

The Insider reported that an apparently AI-generated photo faking an explosion near the Pentagon in D.C. went viral. The Arlington Police Department confirmed that the image and accompanying reports were fake. But when the news was shared by a reputable Twitter account on Monday, the market briefly dipped. The photo was spread by dozens of accounts on social media, including RT, a Russian state-media Twitter account with more than 3 million followers — but the post has since been deleted.

As you all know, KnowBe4 frequently promotes security awareness training and we also mention that unpatched software is a distant number two issue after social engineering. We generally say that unpatched software is involved in 20%-40% of successful exploits. It's been hard though to get good figures on that for years and even CISA has not published hard numbers, even though they appear to focus on it.

Credit Control Corporation, or CCC, is a Virginia-based company that offers debt collection solutions to different companies. The organization provides budget planning services, follows up with third-party insurance offers, handles cash flow improvement programs, and more. This business is made up of 25 individuals and generates approximately $7 million in revenue annually.

Market pressures and growth opportunities are accelerating digital transformation. According to Gartner, 89 percent of board directors say digital is embedded in all business growth strategies. Meanwhile 99 percent say that digital transformation has had a positive impact on profitability and performance (KPMG). The cloud, connected IoT devices, and remote work capabilities are the cornerstones of digital transformation.

For those wondering what GraphQL is… “GraphQL is a query language for your API, and a server-side runtime for executing queries using a type system you define for your data. GraphQL isn't tied to any specific database or storage engine and is instead backed by your existing code and data.”

The Apache Log4j vulnerability has been making global headlines since it became public on 9th December 2021. The report stated that the vulnerability affects Apache log4j between versions 2.0 and 2.14.1 and is independent of the underlying JDK version. It was a full-blown security meltdown that resulted in hackers performing remote code executions and affected digital systems across the globe. In response, Apache implemented patch fixes, but some components remained unattended.