Threat actors have responded to better protections in the operating system and improved endpoint detection and response (EDR) capabilities by moving down the stack to find entry points with full visibility and privileges into the stack above.

On May10th, Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC) issued an urgent advisory about malicious threat activity involving the Black Basta ransomware variant. Detailed information about these threats and the associated IOCs and TTPs can be seen on #StopRansomware: Black Basta.

As AI adoptions become increasingly integral to all aspects of society worldwide, there is a heightened global race to establish artificial intelligence governance frameworks that ensure their safe, private, and ethical use. Nations and regions are actively developing policies and guidelines to manage AI’s expansive influence and mitigate associated risks. This global effort reflects a recognition of the profound impact that AI has on everything from consumer rights to national security.

Something about the springtime sunshine and blooming flowers inspires many of us to start cleaning. For some, it might be tackling the backyard shed that accumulated cobwebs over the winter or that overflowing junk drawer in the corner of the kitchen. As you survey your home and yard and decide where to start cleaning, it’s also a great time to look at your application security program and see if any of your existing processes need some tidying up. Here are a few great places to start.

CVE-2021-30476 affects HashiCorp's Terraform Vault Provider and involves incorrect configuration of bound labels for GCP (Google Cloud Platform) authentication. This issue permits unauthorized users to potentially bypass authentication mechanisms. The vulnerability stems from the Vault provider not correctly configuring the bound labels within the GCP authentication method, which could lead to improper access control.

“Your entire company network was compromised, all through a single login.” That’s the reality of an employee single sign-on (SSO) breach nightmare. Hackers create fake SSO login pages in order to steal employee credentials, which can literally give them “the keys to the kingdom” – access to the most sensitive data of the organization. From a disgruntled ex-employee to a compromised user, it can become a devastating security hole. It happens more than you think.

This is Part 12 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts.

Everywhere we look, organizations are harnessing the power of large language models (LLMs) to develop cutting-edge AI applications like chatbots, virtual assistants, and more. Yet even amidst the fast pace of innovation, it’s crucial for security teams and developers to take a moment to ensure that proper safeguards are in place to protect company and customer data.

Failure to archive a completed Trial Master File (TMF) is, to put it simply, non-compliant. Despite this fact, pharmaceutical and biotech companies are often known to drag their feet on this process. Why would such organizations expose themselves to that risk? Unfortunately, there are several common hurdles that teams face when it comes to TMF archival. In this post, we’ll walk through what those hurdles are and how to overcome them.

You can’t secure what you can’t see goes the saying in cybersecurity. That’s why holistic visibility is so crucial for organizations tasked with staying safe in the evolving threat landscape, as it gives you full visibility into your environment. But there’s another adage that matters even more, because without access to log sources and the proper ingestion of their data, you can’t see the forest for the trees. But what are log sources? What does proper ingestion look like?