RedTail is a sophisticated malware designed for unauthorized cryptocurrency mining with a focus on Monero. It was first identified in January 2024, but it has been circulating since at least December 2023. Its latest iterations show improvements in evasion and persistence mechanisms, underscoring the significant expertise and resources driving its development.

Jay Jacobs and I recently delivered an RSA presentation called Quantifying the Probability of Flaws in Open Source. Since many people didn’t get a chance to see it, I thought I’d summarize some of the findings here for posterity. The question we investigated was simple, at least conceptually: what are the red flags of an open-source repository? Are there characteristics of a given open source library that would reliably indicate it was safer than others?

The National Institute of Standards and Technology (NIST) has announced the launch of Assessing Risks and Impacts of AI (ARIA), a groundbreaking evaluation program to guarantee the secure and trustworthy deployment of artificial intelligence. Spearheaded by Reva Schwartz, ARIA is designed to integrate human interaction into AI evaluation, covering three crucial levels: model testing, red-teaming, and field testing.

Effective identity and access management (IAM) is crucial to both data security and regulatory compliance. Closely governing identities and their access rights is vital to ensuring that each individual has access to only the business systems, applications and data that they need to perform their roles. IAM reduces the risk of accidental data exposure or deletion by account owners, while also limiting the damage that could be done by a malicious actor who compromises a user account.

A vital component of any cybersecurity strategy is robust identity and access management (commonly known by the IAM acronym). This article explains the core elements of an effective IAM implementation and their benefits. Then, it takes a deeper dive into one of those components, role-based access control (RBAC). Finally, it offers a modern IAM tool to consider that can support your organization in adopting a Zero Trust security model.

Cybersecurity is no longer optional but essential for UK businesses of all sizes. Cyber Essentials, a government-backed scheme run by the IASME consortium, offers a robust framework to protect your organisation from the growing threat of cyber attacks. But what exactly is the cost of Cyber Essentials certification, and how can you budget for this crucial investment?

The landscape of DDoS attacks is constantly evolving. Gone are the days of simple bandwidth floods. Today’s attackers employ sophisticated tactics, making DDoS protection a complex yet crucial undertaking.

Today, the Splunk Threat Research Team is thrilled to introduce ShellSweepPlus, an advancement in our ongoing mission to combat the persistent threat of web shells. Building upon the solid foundation of its predecessor ShellSweep, ShellSweepPlus is an enhanced version that takes web shell detection to new heights, incorporating cutting-edge techniques and a multifaceted approach to safeguard your web environments.

Paul Lockley – VP Sales, EMEA In the ever-evolving landscape of transportation, the emergence of Connected and Automated Vehicles (CAVs) presents a promising shift towards safer, greener, and more accessible mobility solutions. However, as we embark on this transformative journey, it’s imperative to address the ethical considerations inherent in the development and deployment of CAVs.