Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

The 443 Podcast - Episode 303 - Leaking Every American's SSN

This week on the podcast, we cover the National Public Data breach that may have leaked every American's social security number. After that, we discuss research from TALOS on how attackers can abuse Microsoft applications on macOS to gain access to your camera and microphone. We end the episode by discussing recent research on how attackers are attempting to evade Endpoint Detection and Response (EDR) tools.

Protecting Personal Identifiable Information in AI: Best Practices for Enterprises

Personal Identifiable Information (PII) includes sensitive data such as social security and passport numbers, as well as biometric data like faces and fingerprints. When training or refining Large Language Models (LLMs), there’s a risk of accidentally including PII, leading to significant real-world consequences like identity theft, privacy violations, and financial losses.

An Inside Look at Detecting API Security Risks with Panoptica

API attacks are predicted to become the most frequent attack vector for cloud ecosystems. How can organizations address API security risks? In this video, Tim Szigeti, Distinguished Technical Marketing Engineer at Outshift by Cisco, shares a quick demo of Panoptica’s API security dashboard. See how you can use the Panoptica CNAPP to get the full picture of your overall security posture, including internal, external, and third-party APIs, evaluate findings, and take next steps to secure your cloud.

API Leaks: Identifying and Preventing Data Exposure

In this video, we explore the growing concern of API leaks and how they can lead to significant data exposure. Learn about the key strategies for identifying and preventing API leaks to protect your organization’s sensitive information. Our experts provide actionable insights on mitigating risks associated with API vulnerabilities.

The Other Crowdstrike Outage

On July 19, 2024, a flawed update in CrowdStrike Falcon's channel file 291 led to a logic error that caused Windows systems to crash, resulting in widespread BSOD (Blue Screen of Death) incidents. The impact was severe, disrupting critical infrastructure globally, from grounded flights to halted public transit systems. In fact, you’d have to have been living under a rock to have missed this incident.

The Long Road to Recovery Following a Ransomware Attack

When it comes to the duration of a ransomware attack and the subsequent recovery process, the numbers are staggering and vary wildly. Partly because there’s no single source which compiles all the information in a consistent manner. On average, a cyber attack can last anywhere from a few days to several weeks, with the recovery time often extending to months or even years.

Ransomware Group Known as 'Royal' Rebrands as BlackSuit and Is Leveraging New Attack Methods

The ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI. The latest advisory from the FBI on ransomware threat group BlackSuit, is actually an updated 18-month-old advisory originally released to warn organizations about the threat group Royal. It appears that the group has rebranded, according to the advisory, and has updated their methods of attack.

Is Disabling Clickable URL Links Enough?

Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by itself to potentially not need employee security awareness training and simulated phishing. We can understand why this misperception might exist. Many anti-phishing educational lessons discuss the need for people to evaluate all URL links before clicking on them.

Out with the Old - Keeping Your Software Secure by Managing Dependencies

During 2023, the U.S. witnessed a record high in supply chain cyber-attacks, affecting 2,769 organizations. This figure represents the largest number recorded since 2017, marking an approximate 58% annual increase in impacted entities. If there ever was a doubt, now it’s crystal clear that YOUR SOFTWARE SUPPLY CHAIN IS A TARGET. Developers, DevOps and Security teams must prioritize processes that enhance security for all phases of the software supply chain.