Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Data center networks are the backbone of today’s digital economy, powering everything from cloud services to big data analytics. In today’s fast-paced digital environment, the rise of mobile apps, the 5G revolution, and the advancement of technologies like IoT and AI are reshaping the demands on technology infrastructure. This has led to a heightened need for data centers that are scalable, flexible, resilient, and efficient.

With the recent announcement of OpenAI’s ChatGPT desktop application for macOS, users gain access to LLM workflows outside of their browser. ChatGPT’s broad adoption by employees across industries, and around the world, has put employers, compliance, and security teams into high gear as they seek to balance the gains made in productivity with the potential risks of how these tools are being used.

RSA 2024 explored AI's impact on security, featuring sessions on AI governance, LLMs, cloud security, and CISO roles. Here are just a few of the expert insights shared.

Static code analysis is widely adopted among organizations for its ability to provide fast feedback loops and identify bugs early in development. However, despite its advantages, numerous bugs and vulnerabilities remain undetected and are only found when they've made their way into production or been caught by late-stage penetration testing. The best security practice involves leveraging both static and dynamic testing, such as fuzz testing.

In this edition of Corelight’s Hunt of the Month blog, we bring you a STRRAT malware detector. In recent months STRRAT has become one of the top malware families submitted to Any.Run’s malware sandbox: STRRAT is a Java-based remote access tool (RAT) that uses a plugin architecture to provide full remote access to an attacker, as well as credential stealing, key logging, and additional plugins.

A single misstep in managing sensitive data can lead to a data breach causing significant financial losses and severe damage to a company’s reputation. These breaches often expose sensitive customer and corporate data, underscoring the need for robust cybersecurity measures. Unfortunately, many organizations have an inadequate approach to data governance.

How protecting your organization from costly social engineering cyberattacks starts with effective prevention.

As you may have seen in the news, a hacker stole 49 million customer records from Dell. The attack wasn’t novel or sophisticated. Instead, the attacker used a business logic flaw and an API to scrape 49 million records from Dell. How did they do it? Here is the attack flow. The attacker registered for an account within the Dell ecosystem to be a reseller/partner. They weren’t going to be. But Dell didn’t perform any checks, and within 48 hours, the attacker had a valid account.

Whereas traditional hacking exploits weaknesses in software or hardware, social engineering exploits weaknesses in the human psyche. By preying on people’s habits, fears, or complacency, attackers can gain access to almost any system, no matter how sensitive or well-protected. The ubiquity of personal mobile devices in the workplace has only exacerbated the threat.

Regardless of whether your environment is on-premises, in the cloud or hybrid, new data makes it clear that users are the top cybersecurity concern, and we cover what you can do about it. According to Netwrix’s 2024 Hybrid Security Trends Report, 79% of organizations experience one or more security incidents in the last 12 months. This is a 16% increase from the previous year, demonstrating that attacks are not subsiding one bit and that they are increasingly successful.