Mar 21, 2024NewsroomThreat Intelligence / Vulnerability Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that’s used to target Laravel applications and steal sensitive data. “It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio,” Juniper Threat Labs researcher Kashinath T Pattan…


Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an updated joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, to address the specific needs and challenges faced by organizations in defending against DDoS attacks. The guidance now includes detailed insight into three different types of…


“Implementations of UDP application protocol are vulnerable to network loops,” according to the vulnerability’s NVD entry. “An unauthenticated attacker can use maliciously crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.” CISPA researchers explained the attack loop can be initiated by sending one single IP-spoofed error…


Mar 21, 2024NewsroomMachine Learning / Software Security GitHub on Wednesday announced that it’s making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues. “Powered by GitHub Copilot and CodeQL, code scanning autofix covers more than 90%…


In today’s digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly. That’s why effective vendor risk management (VRM) is a critical strategy…


Public AI as an Alternative to Corporate AI

This mini-essay was my contribution to a round table on Power and Governance in the Age of AI. It’s nothing I haven’t said here before, but for anyone who hasn’t read my longer essays on the topic, it’s a shorter introduction. The increasingly centralized control of…


When you read reports about cyber-attacks affecting operational technology (OT), it’s easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks…


Mar 21, 2024NewsroomNational Security / Data Privacy The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations. Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich…


When someone takes on the CISO role, they go into it knowing the demands of the job. Even so, the overwhelming responsibilities of a CISO may not comfortably align with the responsibilities of having a family. “You can hire good people who can give you some time off at night, for example, or a security…


Cybersecurity is now a top priority for businesses in Singapore as IT and business leaders understand the financial and reputational damage that cyberattacks can inflict. However, relentless pressure from ever-evolving cyber attacks is leading to burnout among cybersecurity professionals. A recent Sophos report found that 88% of cybersecurity professionals in Singapore are impacted by cybersecurity…
