Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

‍As a CIO at a mid-sized company, I faced a new challenge when vendors asked for more specifics about our information security and the protocols we have in place to safeguard our sensitive data. Naturally, those questions were directed toward the IT team (and were phrased in ISO 27001 terminology), which was initially challenging because we had limited knowledge of that particular standard.

The constant evolution of technology has led to increasingly sophisticated and frequent cybersecurity threats. As a result, the need for skilled professionals who can effectively handle these threats has never been more pressing. Sadly, there is a shortage of such experts to meet the growing demand. The (ISC)² Cybersecurity Workforce Study revealed that the global cybersecurity workforce gap is 3.4 million people.

While some of the obvious misuse of ChatGPT in the world of cyber security was not unexpected – asking the artificial intelligence to write harder-to-detect malware and easier-to-convince phishing emails – a new threat has emerged that can leverage the very nature of the large language model. Ultimately, ChatGPT is a learning machine, and bases its answers on information it sources from the Internet.

Unless engineering practices introduce efficiencies, promote flexibility and drive revenues early, cloud migrations risk stalling because of cost and time overruns.

A subdomain is a prefix added to a domain name to separate a section of your website. It’s a part of the Domain Name System (DNS) hierarchy and is a domain that is a part of another (main) domain. Subdomains are primarily used to manage extensive sections of a web application that require their own content hierarchy, such as online stores, blogs, job boards, or support platforms.

Cyberint discovered in the ‘wild’ what could possibly be associated with the ‘Cardpool’ gift card breach, a file named ‘cardpool leak’. It was collected by our platform, Argos. ‘Cardpool’ was an online business where customers exchanged or sold their unwanted or partially used gift cards. It was shut down in early 2021, but it’s been discovered that in late April 2021, a Russian Threat Actor allegedly sold $38 million worth of gift cards there.

SecurityScorecard conducted an extensive investigation into the Zellis breach. This research revealed alarming insights about the scale and persistence of the attack. The data exfiltration was carried out in several steps: Netflow data from Zellis IP ranges indicated large outbound transfers over HTTPS, which pointed towards the presence of a web shell. Additionally, SecurityScorecard researchers detected exfiltration over SSH to known malicious IP addresses.

Introducing Self-Managed Rules, a new addition to our fully managed security suite! AppTrana empowers you to take control, allowing you to create, view, and manage the custom rules All By YOURSELF!

A data breach is an IT security incident where data is compromised or stolen from a system without the knowledge or authorization of its owner. But what happens when a third party is involved? Stolen data may include sensitive, proprietary, or confidential information such as credit card numbers, trade secrets, customer, or patient data. Third party breaches cost millions of dollars every year to companies of all sizes.

As seen in Defence Connect, archTIS’s Tony Howell discusses the opportunities and cybersecurity implications of AUKUS for Defence suppliers with Editor Liam Garman.