Category: AI in news
Recently, I represented Fortinet at a U.S. House Committee on Energy and Commerce hearing about strengthening cybersecurity in a digital era. I emphasized the importance of public-private partnerships to strengthen cyber resiliency in the United States, how organizations can implement secure-by-design recommendations, and work to close the cybersecurity workforce gap. Below, I recap some of the key points I made in my testimony.…
Read More
Mar 19, 2024The Hacker NewsAPI Security / Vulnerability Application programming interfaces (APIs) are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of API Security in 2024 Report from Imperva, a Thales company, found that the majority of internet traffic (71%) in 2023 was API calls. What’s more,…
Read More
Mar 19, 2024NewsroomGenerative AI / Incident Response Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules. “Generative AI can be used to evade string-based YARA rules by augmenting the source code of small malware variants, effectively lowering detection rates,” Recorded Future said…
Read More
To help companies scale business operations with AI without having to worry about the technology’s underlying risks, cybersecurity provider Orca Security has rolled out an AI-SPM offering available through its flagship, SaaS-based cloud security platform. Orca claims the new AI-SPM capabilities, including features such as AI bill of materials (BOM), sensitive data detection, and public…
Read MoreAI and the Evolution of Social Media Oh, how the mighty have fallen. A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. Now front pages are splashed with stories of social platforms’ role in misinformation, business conspiracy, malfeasance, and risks to mental health. In a 2022 survey,…
Read More
In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers (CISOs)—articulate the value and urgency of cybersecurity investments to their boards. The Strategic Importance of…
Read More
API implementation flaws in an enterprise can lead to posture problems. Most common among them include shadow endpoints, unauthenticated resource access, sensitive data in a URL, a permissive cross-origin resource sharing (CORS) policy, and excessive client errors. Runtime problems, on the other hand, are active threats demanding immediate action. These include unauthenticated resource access attempts,…
Read More
Fast and efficient collaboration is essential to today’s business, but the platforms we use to communicate with colleagues, vendors, clients, and customers can also introduce serious risks. Looking at some of the most common collaboration tools — Microsoft Teams, GitHub, Slack, and OAuth — it’s clear there are dangers presented by information sharing, as valuable…
Read More
Mar 19, 2024NewsroomThreat Intel / Cybercrime A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced. Sandu Boris Diaconu was charged with conspiracy to commit access…
Read More
A recent attack campaign by one of North Korea’s state-run hacking groups uses a new PowerShell and VBScript-based attack chain that’s initiated from inside LNK files. Multiple attack stages are downloaded from legitimate cloud services and the final payload is an open-source remote access trojan. “All of the C2 communication is handled through legitimate services…
Read More