Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Welcome to the final installment in our “Add to Chrome?” research! In this post, we'll experiment with a method to find masquerading, or suspicious clusters of Chrome extensions using Model-Assisted Threat Hunting (M-ATH) with Splunk and the Data Science & Deep Learning (DSDL) App. M-ATH is a SURGe-developed method from the PEAK framework, which uses models or algorithms to help find threat-hunting leads, or to help make complex problems more approachable.

A passphrase is a more secure way to create a password that uses a string of random words instead of a string of random characters. Passphrases tend to be easier to remember, longer and more secure than most user-generated passwords. However, weak passphrases are still susceptible to password-related cyber attacks.

Password entropy is a measurement of how difficult it would be for a cybercriminal to crack or successfully guess your password. When calculating password entropy, the calculation takes into account how long your password is and the variation of characters you’re using. Character variations include the use of uppercase and lowercase letters, numbers and symbols. Continue reading to learn more about the importance of password entropy and how you can calculate it using the password entropy formula.

Generative AI has captured the imagination of the world by being able to produce poetry, screenplays, or imagery. These tools can be used to improve human productivity for good causes, but they can also be employed by malicious actors to carry out sophisticated attacks. We are witnessing phishing attacks and social engineering becoming more sophisticated as attackers tap into powerful new tools to generate credible content or interact with humans as if it was a real person.

Today, Cloudflare is announcing the development of Firewall for AI, a protection layer that can be deployed in front of Large Language Models (LLMs) to identify abuses before they reach the models. While AI models, and specifically LLMs, are surging, customers tell us that they are concerned about the best strategies to secure their own LLMs. Using LLMs as part of Internet-connected applications introduces new vulnerabilities that can be exploited by bad actors.

The United States Cybersecurity and Infrastructure Agency (CISA) and seventeen international partners are helping shape best practices for the technology industry with their ‘Secure by Design’ principles. The aim is to encourage software manufacturers to not only make security an integral part of their products’ development, but to also design products with strong security capabilities that are configured by default.

In today's fast-paced digital landscape, developers face increasing pressure to deliver secure applications within tight deadlines. With the emphasis on faster releases, it becomes challenging to prioritize security and prevent vulnerabilities from being introduced into production environments. Integrating dynamic application security testing (DAST) into your CI/CD pipeline helps you detect and remediate vulnerabilities earlier, when they are easier to fix.

Remote monitoring and management (RMM) solutions provide flexible methods to enable MSPs to detect network or device anomalies early, facilitating proactive systems monitoring. While these tools are deployed for legitimate purposes, it is common for cybercriminals to make malicious use of them.