Cyberattacks are scaling up. That means security operations center (SOC) teams are overwhelmed by the volume of alerts they must analyze and how to sort out real threats vs. system noise. The good news? Artificial intelligence (AI) is poised to supercharge SOC modernization efforts with unprecedented automation, proactive threat detection, and relief for overstressed security…
Read More
AI hype and adoption are seemingly at an all-time high with nearly 70% of respondents to a recent S&P report on Global AI Trends saying they have at least one AI project in production. While the promise of AI can fundamentally reshape business operations, it has also created new risk vectors and opened the doors…
Read More
SNAP food assistance is a lifeline for more than 40 million Americans experiencing food insecurity. In a growing trend, criminals are targeting major security lapses in SNAP fund distribution, stealing millions in aid, so we asked this week’s guests how we can put a stop to it. Also: Have you ever posted anything personal on…
Read More
Feb 27, 2024NewsroomVulnerability / Website Security A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. “This plugin suffers from unauthenticated site-wide stored [cross-site scripting] vulnerability and could allow any…
Read More
Feb 27, 2024The Hacker NewsMalware / Network Security An “intricately designed” remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it available to other actors at no extra cost. Written in C# and compatible with Windows 10 and Windows 11 operating systems, the open-source RAT comes with a “comprehensive set…
Read MoreChina Surveillance Company Hacked Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government. Lots of details in the news articles. These aren’t details about the tools or techniques, more the inner workings of the…
Read More
Since 2020 when we started to record ransomware attacks and trends, LockBit has continually stayed on top as the most active ransomware gang when it comes to publicly disclosed ransomware attacks. Last year, LockBit attacks made the news with 83 attacks, 13% of all publicly disclosed attacks recorded. In 2023, we began monitoring undisclosed attacks,…
Read More
Feb 27, 2024NewsroomSupply Chain Attack / Data Security Cybersecurity researchers have found that it’s possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. “It’s possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository…
Read More
After two years of work, the US National Institute of Standards and Technology (NIST) has issued the 2.0 version of its widely referenced Cybersecurity Framework (CSF), expanding upon the draft 2.0 version it issued in September. The CSF 2.0, cited in President Biden’s National Cybersecurity Strategy and several emerging government cybersecurity policy statements, has shifted…
Read More
Processing alerts quickly and efficiently is the cornerstone of a Security Operations Center (SOC) professional’s role. Threat intelligence platforms can significantly enhance their ability to do so. Let’s find out what these platforms are and how they can empower analysts. The Challenge: Alert Overload The modern SOC faces a relentless barrage of security alerts generated…
Read More