Security News
Similar to shadow IT, shadow AI refers to all the AI-enabled products and platforms being used within your organization that those departments don't know about. Establishing a risk matrix for AI use within your organization and defining how it will be used will allow you to have productive conversations around AI usage for the entire business.
Malware stands out as the fastest-growing threat of 2024, with 41% of enterprises witnessing a malware attack in the past year - closely followed by phishing and ransomware. The research found that 43% of enterprises failed a compliance audit in the past twelve months - with the report highlighting a very clear correlation between compliance and data security.
Throughout CSF 2.0, NIST recommendations dovetail with SaaS security needs. Read about how to apply the NIST 2.0 guidelines to your SaaS stack.
Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The...
In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you’d want to do. But if you are looking for ways to continuously...
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from...
Insider threats encompass both intentional and unintentional actions. The challenge for organizations is not only to detect and mitigate malicious insider activities but also to cultivate a culture of security awareness and proactive risk management across all levels of the workforce.
Security leaders recognize that the pattern of buying new tech and the frantic state of find-fix vulnerability management is not working, according to Cymulate. Rather than waiting for the next big cyberattack and hoping they have the right defenses in place, security leaders are now more than ever implementing a proactive approach to cybersecurity by taking action to identify and address security gaps before attackers find and exploit them.
"Our Web-Based PLC malware resides in PLC memory, but ultimately gets executed client-side by various browser-equipped devices throughout the ICS environment. From there, the malware uses ambient browser-based credentials to interact with the PLC's legitimate web APIs to attack the underlying real-world machinery," the researchers explained. "While previous attacks on PLCs infect either the control logic or firmware portions of PLC computation, our proposed malware exclusively infects the web application hosted by the emerging embedded webservers within the PLCs," the researchers noted.
In this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and how these shifts are forming the threat landscape in 2024 and beyond. X-Force observed shifts toward credential-driven attacks with a 71% increase in attacks caused by using valid accounts.