Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Is Gartner Waving 'Bye Bye Bye' to EASM?

TLDR: The ways that organizations find and fix security exposures have been flawed for years. Traditional vulnerability management (VM) programs have failed to address the core issues. What’s worse, the relatively new category of External Attack Surface Management (EASM) has not solved the problems it aimed to solve. But hope, in the form of Exposure Management, is on the way.

Why Do Credential Stuffing Bots Target Live Streaming Events?

Streaming services are one of the most popular targets for cybercriminals. Using automated bots, attackers steal millions of streaming accounts each month. Adversaries quickly sell these via illegal marketplaces to make massive profits. Although any streaming service is vulnerable to account takeover and credential stuffing attacks, there are additional risks and damages when live event streaming is on offer.

Supercharge your investigation with Sysdig Sage for CDR

Artificial intelligence has taken over almost every aspect of our everyday lives. In cybersecurity, generative AI models with natural language processing are commonly being used to predict, detect, and respond to threats. But AI security assistants, although an upgrade from traditional machine learning, only provide very basic queries and summarization, which is insufficient to fully comprehend modern cloud attacks. As part of an ongoing effort to improve the cloud detection and response (CDR) experience,

AI Tools Have Increased the Sophistication of Social Engineering Attacks

The Cyber Security Agency of Singapore (CSA) has warned that threat actors are increasingly using AI to enhance phishing and other social engineering attacks, Channel News Asia reports. The CSA’s report found that cybercriminals are selling tools that automate these attacks, allowing unskilled threat actors to launch sophisticated attacks.

New Malvertising Campaign Impersonates Google Authenticator

Researchers at Malwarebytes spotted a malvertising campaign that abused Google Ads to target people searching for Google Authenticator. If someone typed “Google Authenticator” into Google, the malicious ad would be at the top of the search results. The ad copied the website description from the real Google Authenticator, but would redirect users to a phishing site. “We can follow what happens when you click on the ad by monitoring web traffic,” the researchers explain.

Corelight Announces Cloud Enrichment for AWS, GCP, and Azure

This week, I’m excited to announce Cloud Enrichment for AWS, GCP, and Azure. These enhancements are designed to accelerate incident response and unlock threat hunting capabilities by automatically combining the insights of your cloud network with the native control plane data from your cloud service provider.

What CISOs Must Consider During a Breach with Amy Bogac, CISO at Elevate Textiles

Welcome to the Data Security Decoded podcast, brought to you by Rubrik Zero Labs. Each episode features senior cybersecurity leaders and other luminaries with unique perspectives about the current state of data security. We explore rising trends and themes across cybersecurity and unpack what that means for organizations looking to secure their data and achieve cyber resilience. In this episode, your host, Steve Stone, is joined by Amy Bogac, CISO at Elevate Textiles and a member of the Technical Advisory Board at Radiant Security.