Security News

Visibility into the security posture is critical for staying ahead of the cloud attackers due to the nature of cloud infrastructure. Security mechanisms are usually designed to address security issues in specific technologies.

To counteract new and emerging threat methods enhanced by artificial intelligence, specialized email security vendors are leveraging a synergy of AI and human insights to enhance email security, according to IRONSCALES and Osterman Research. Over 74% of respondents have experienced an increase in the use of AI by cybercriminals in the past six months, and over 85% believe that AI will be used to circumvent their existing email security technologies.

From understanding the challenges of disparate OT protocols and the increasing convergence with IT to grappling with the monumental role of human error, our latest interview with Rohit Bohara, CTO at asvin, delves deep into the landscape of OT security. Can you comment on the challenge of creating disparate security systems for OT environments considering the variety of OT protocols? How does the difference in standardization between IT and OT systems add to this complexity?

A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform to achieve privilege escalation in the Windows operating system. "If an attacker has the ability to execute code with admin privilege and the target is to perform LSASS Shtinkering, these privileges are not enough," Ron Ben Yizhak, a security researcher at Deep Instinct, told The Hacker News.

According to Colorlib, WordPress is used by over 800 million websites worldwide. It is vital to protect your WordPress site and your data, readers, users and company by regularly auditing your WordPress site's security configurations.

It's taking place September 18-20, 2023 in Washington, DC. mWISE conference organizers have just announced new keynote panels focused on two of the most pressing issues facing security practitioners right now: Artificial Intelligence and advanced adversaries. 1) AI and Security Standards: Maximizing Innovation While Minimizing RiskAI has immense potential, but we need to make sure it works for everyone.

Security teams now have to find a way to adjust their security architecture to this new cloud workload. Some teams may rely on their existing network security solutions. Google offers a wide range of native security functionalities built-in to Chrome.

Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative. "This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium's resilience against quantum attacks," Elie Bursztein and Fabian Kaczmarczyck said.

Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that's used by 30,000 organizations.The vulnerabilities, collectively tracked as CVE-2023-32560, are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.

In this Help Net Security interview, Kevin Paige, CISO at Uptycs, provides insights into how he navigates the complex cybersecurity landscape, striking a balance between technical expertise, effective communication, risk management, and adaptive leadership. As a CISO, how do you balance maintaining technical prowess with the need to communicate complex issues to stakeholders in simple terms?