It's time for you and your colleagues to become more skeptical about what you read. That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harrass, and spread fake news. Experts at WithSecure have described their investigations into just how easy it is to automate the creation of credible yet malicious content at incredible speed.
Cyberattacks have never been more common than they are now. This is particularly true as the world starts to recover from the pandemic and moves toward a more cloud-based approach. Did you know that 54% of businesses were victims of cyberattacks in the past year? And 75% reported increased security incidents, most frequently caused by identity thefts, ransomware,
A thriving hacker has been found to be posting a college database showcasing it to be a breach. This happened to one of the colleges in the southern region of India, Kerala. Necessary measures have been taken to keep them up to date! The college’s information was found to be floating around on the Dark Web. These data seem to be highly sensitive. These data could be acquired by any human being for just a few thousand.
APT hackers turn to malicious Excel add-ins as initial intrusion vector, PurpleUrchin bypasses CAPTCHA and steals cloud platform resources, and Russia’s Turla APT piggybacks on other hackers’ USB infections.
Third party risk assessment is the process of evaluating and managing the risks associated with engaging third parties. It involves identifying, assessing, and mitigating potential risks that could arise from working with external vendors or partners. The goal of this type of assessment is to ensure that any risks posed by these relationships are minimized or eliminated altogether.
In the event that there was a malicious actor who wanted to disable a country or state's power supply, the utility sector would be one of the first targets of this attack as seen in the Moore County power outage and the recent attacks on Portland’s infrastructure. Whenever stakes are this critical, it is essential that security is prioritized throughout the systems and processes involved in such matters.
Kubernetes adoption has rocketed into ubiquity. At this point, 96 percent of organizations are either using Kubernetes for container orchestration or evaluating its use, according to the latest Cloud Native Computing Foundation annual survey. But this doesn’t mean that Kubernetes isn’t without security risks. The flexibility of container applications and their capability to carry discrete components that interact over the network present security challenges.
In the first blog in this series, we discussed setting up IAM properly. Now we’re moving on to the second step, avoiding direct internet access to AWS resources. When AWS resources like EC2 instances or S3 buckets are directly accessible via the Internet, they are vulnerable to attack. For example, brute force attacks on SSH login, denial of service (DOS) attacks on server resources via Layer 3, 4, or 7 flooding, or the inadvertent disclosure of data on an S3 bucket.
