Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In February 2022, the Center for Internet Security (CIS) released the CIS Microsoft Windows Server 2022 Benchmark v1.0.0, providing security best practices for establishing a secure configuration and hardening guide for Microsoft Windows. For automation of CIS benchmarks, Get in Touch. Following this release, CIS updated their recommendations for older operating systems, extending back to Windows Server 2008 where applicable. Below we discuss CIS Windows server 2022 hardening script we feel are critical.

We are excited to announce that Rubrik DSPM now supports Microsoft Information Protection (MIP) sensitivity labels. This integration helps our joint customers to better track and secure files with sensitive data – both within and outside of Microsoft environments. MIP labels are used by organizations to map sensitive data within their Microsoft environment, control access to that data, and enable protection settings such as encryption.

By 2026, more than 80% of enterprises will have used generative artificial intelligence (“GenAI”) APIs, models and/or deployed GenAI-enabled application in production environments. With this fast pace of adoption, it is no wonder that artificial intelligence (AI) application security tools are already in use by 34% of organizations, a number that will no doubt increase.

Eighteen years ago we made a decision that forever changed our lives: ‘1Passwd’ went live on the internet!

Discover insights from the latest BSides Boulder, focused on AI in cybersecurity, Git mysteries, and exploiting RCEs, along with many great community conversations.

Aikido Security is now live on the Drata Integration marketplace! That’s great news because navigating today’s cybersecurity regulatory landscape is a bit like walking a tightrope in a hurricane. As cyber threats evolve, so do the regulations designed to keep them in check. Businesses now find themselves grappling with a growing list of compliance requirements, each more stringent than the last.

Cybersecurity researchers have uncovered a malicious Python package in the Python Package Index (PyPI) repository designed to distribute an information stealer known as Lumma (aka LummaC2). The counterfeit package, crytic-compilers, mimics the legitimate crytic-compile library through typosquatting tactics. Before its removal by PyPI maintainers, the counterfeit package was downloaded 441 times. Impersonation and Deception Tactics.

Cybersecurity researchers have identified an increasing trend where threat actors are abusing legitimate and commercially available packer software, such as BoxedApp, to evade detection and distribute malware, including remote access trojans and information stealers. Targeted Industries and Geographical Spread According to Check Point security researcher Jiri Vinopal, the majority of malicious samples have targeted financial institutions and government sectors.

In Q1 2024, Kroll observed SMS and voice-based tactics being used in phishing attacks, raising concern around the potential for deep fakes and AI technologies to further enhance the effectiveness of phishing attacks. Linked to this, one insider threat case investigated by Kroll in Q1 saw employee impersonation take place, another area in which AI-related technology could be especially impactful.