Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Fuzz testing is a popular testing approach used to find bugs in C/C++ and embedded software, particularly memory corruptions. It has proven effective for identifying obscure bugs that are difficult to find through other testing methods. This testing approach is increasingly being adopted by automotive companies to comply with new security standards, save time, mitigate costs, and improve software quality. Let's have a look at how fuzzing is helping all of these automotive companies.

CrowdStrike is delivering powerful new file movement visibility features in CrowdStrike Falcon Device Control to help customers identify and mitigate the risk of data loss through USB devices.

In light of recent password manager breaches, our experts have provided tips on how to protect your organization from compromised credentials. In recent weeks, cybersecurity has once again been thrust into the spotlight with the news that both LastPass and Norton LifeLock, two popular password management services, have been targeted in cyberattacks, resulting in the compromise of customer password manager accounts.

In this blog post, the KrakenLabs team will take a deep dive into a malware sample classified as LummaC2, an information stealer written in C language that has been sold in underground forums since December 2022. We assess LummaC2’s primary workflow, its different obfuscation techniques (like Windows API hashing and encoded strings) and how to overcome them to effectively analyze the malware with ease.

It’s not possible to talk about a successful cyberattack without prior access to the target company's network. Initial access brokers (IABs) are the malicious actors that perform this first step, and they are making accessing enterprise networks easier than ever.

A school principal in Volusia County, Florida has resigned after sending $100,000 to a scammer posing as Elon Musk, WESH 2 News reports. Dr. Jan McGee from the Burns Science and Technology Charter School had been in communication with the individual for four months, even though her colleagues warned her that it was a scam. “McGee told a packed audience she was taken in by a fake Elon Musk, someone posing online as the space pioneer,” WESH 2 says.

The FBI’s newly-released report shows just how ransomware continues to plague critical infrastructure sectors, despite the U.S. government’s recent efforts to stop these attacks. You’ll probably recall the news about ransomware attacking the Colonial Pipeline and other U.S. critical infrastructure (CI) to the point that the government was stepping up their efforts to stop these attacks and even conducting congressional hearings on what to do about the problem.

This MIT Technology Review headline caught my eye, and I think you understand why. They described a new type of exploit called prompt injection. Melissa Heikkilä wrote: "I just published a story that sets out some of the ways AI language models can be misused. I have some bad news: It’s stupidly easy, it requires no programming skills, and there are no known fixes.

Virtual private networks (VPNs) were introduced roughly two decades ago with the idea that creating an encrypted tunnel directly from a computer device to a network would provide secure access to company resources and communications from remote locations. VPN performance was notoriously sluggish, and they were difficult and time consuming for IT to administer, but at least the appliances were secure. Or so people thought.

The advent of connected devices has brought about significant change in the technology industry. We all accept that data is power – the more we know about our devices and users, the more effectively we can serve their needs. The integration of connected devices has transformed several industries, including healthcare, transportation, and manufacturing.