Security Boulevard

MAY 26, 2022

Threat Modeling Should Be A Team Sport. Pen-tester, Vulnerability Scanning, Risk Management, and Threat Modeling should be one engagement. Pen-tester, Vulnerability Scanning, Risk Management, and Threat Modeling should be one engagement. Define and describe what the model covers. Rank each threat.

Risk 69

Risk Architecture Software Passwords 69

Penetration Testing

FEBRUARY 22, 2024

A recent investigation by Trustwave SpiderLabs’ Email Security team has uncovered a sophisticated Phishing-as-a-Service (PaaS) platform known as Tycoon Group.

Phishing 84

Phishing Penetration Testing Risk 84

Malwarebytes

DECEMBER 8, 2023

Meta has announced Purple Llama, a project that aims to “bring together tools and evaluations to help the community build responsibly with open generative AI models.” Take for example the older models that were used to determine whether a file was malware or not. The chance that this file is malicious is 90%. ).

Risk 89

Risk Artificial Intelligence Manufacturing Cybersecurity 89

The Last Watchdog

AUGUST 13, 2023

Generative AI makes use of a large language model ( LLM ) – an advanced algorithm that applies deep learning techniques to massive data sets. I spoke with Casey Ellis , founder of Bugcrowd , which supplies crowd-sourced vulnerability testing, all about this. Island supplies an advanced web browser security solution.

Artificial Intelligence 246

Artificial Intelligence Engineering Internet Internet 246

Adam Shostack

JULY 15, 2021

I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future. Threat modeling within the standard. I am glad to see threat modeling included in the standard. This is a really good list. I look forward to either and both.).

Software 100

Software Government Marketing Cybersecurity 100

Zigrin Security

SEPTEMBER 13, 2023

This article is not about “How to use the benefits of AI language models while conducting penetration test”. This article is about “How to conduct a penetration test towards AI language models”. In this article you will find: The famous ChatGPT Why Should You Arrange a Penetration Test for Your AI Model as an Executive?

Penetration Testing 52

Penetration Testing Data privacy Hacking Risk 52

CSO Magazine

MARCH 16, 2023

AI and machine learning (ML) capabilities present a huge opportunity for digital transformation but open yet another threat surface that CISOs and risk professionals will have to keep tabs on. Fundamental to managing AI risks will be threat modeling and testing for weaknesses in AI deployments.

CISO 106

CISO Digital transformation Risk Cybersecurity 106

Heimadal Security

APRIL 6, 2023

A threat hunting framework is a collation of data-driven adversarial scenarios, backed up by hypothetical, field-tested, or time-honored TTPs (i.e., Serving a wide array of security-wise needs such as baselining, forecasting, threat modeling, vulnerability discovery, and incident response optimization.

69

69

Anton on Security

AUGUST 31, 2022

In fact, back in 2016 we were creating a modern SOC model at Gartner and “detection engineering” was very much part of the SOC model. This advice is sorely needed at many SOCs I’ve seen where panic-driven (“OMG a new threat, how/where do we detect it?! In other words, they do security, but not security engineering.

Engineering 189

Engineering Risk 189

The Last Watchdog

FEBRUARY 28, 2022

However, APIs have gained traction so rapidly and deeply that not nearly enough attention has been paid to the associated security shortcomings. Many organizations, SMBs and enterprises alike, do not understand the scope and scale of their deployments of APIs, much less how to go about effectively securing their APIs. Tool limitations.

Penetration Testing 266

Penetration Testing Digital transformation Mobile IoT 266

SecureWorld News

MAY 2, 2024

The role of a Chief Information Security Officer (CISO) is undeniably complex, yet incredibly rewarding. However, the challenges faced by CISOs are mounting, exacerbated by the evolving threat landscape and regulatory environment. These incidents underscore the critical importance of effective governance in cybersecurity programs.

CISO 76

CISO Government CSO Artificial Intelligence 76

CyberSecurity Insiders

JUNE 12, 2023

As advantageous as AI is to businesses, it also creates very unique security challenges. For example, adversarial attacks that subtly manipulate the input data of an AI model to make it behave abnormally, all while circumventing detection. Zero Trust moves away from the traditional notion of a secure perimeter.

Risk 106

Risk Architecture Data privacy Encryption 106

LRQA Nettitude Labs

JANUARY 25, 2024

The introduction of the newly released guidelines for secure AI system development by the National Cyber Security Centre (NCSC) emphasizes the growing importance and integration of AI systems in various sectors. It acknowledges the potential risks and security challenges these systems present.

Risk 52

Risk Accountability Cybersecurity Artificial Intelligence 52

NetSpi Executives

SEPTEMBER 5, 2023

As the adoption and use cases continue to grow, it is critical that organizations understand the unique threats that AI/ML brings along with it, along with identifying weak spots and building more resilient models. Our Infrastructure Security Assessment tests the surrounding infrastructure around your model.

Penetration Testing 52

Penetration Testing Risk Network Security Technology 52

Security Boulevard

AUGUST 12, 2022

Penetration testing and vulnerability scanning are two different things. Penetration testing will give you information about exploiting vulnerabilities whereas a vulnerability scan will just provide you with potential avenues for exploitation. Security is now a part of the business. Insight #1. Insight #2. ". Insight #3. ".

CISO 97

CISO Penetration Testing Cybersecurity Risk 97

The Last Watchdog

MARCH 8, 2023

Therefore, the security of APIs is crucial to ensure the confidentiality, integrity, and availability of sensitive information and to protect against potential threats such as data breaches, unauthorized access, and malicious attacks. So, how can you ensure your API security is effective and enable your digital transformation?

Digital transformation 200

Digital transformation Data breaches Cyber Risk Marketing 200

CSO Magazine

MARCH 22, 2023

Backslash Security has announced its launch with a new cloud-native application security (AppSec) solution designed to identify toxic code flows and automate threat models. To read this article in full, please click here

Risk 71

Risk 71

Dark Reading

SEPTEMBER 7, 2022

Penetration testing not only serves to triage and validate other defect discovery activities, it informs risk management activities, such as threat modeling and secure design.

Penetration Testing 67

Penetration Testing Risk 67

NetSpi Executives

FEBRUARY 21, 2024

Artificial Intelligence (AI) and Machine Learning (ML) present limitless possibilities for enhancing business processes, but they also expand the potential for malicious actors to exploit security risks. Like many technologies that came before it, AI is advancing faster than security standards can keep up with.

Penetration Testing 40

Penetration Testing Artificial Intelligence Cybersecurity Architecture 40

Google Security

OCTOBER 26, 2023

Mihai Maruseac, Sarah Meiklejohn, Mark Lodato, Google Open Source Security Team (GOSST) New AI innovations and applications are reaching consumers and businesses on an almost-daily basis. The first principle of SAIF is to ensure that the AI ecosystem has strong security foundations. For open source models , what was the training code?

Software 88

Software Artificial Intelligence Malware Engineering 88

Anton on Security

SEPTEMBER 13, 2023

As you may have noticed, we have released a new paper on securing AI. This applies to securing the infrastructure, models, capabilities and other things related to AI, not just running AI workloads. Notice where Phil says what his highlights are: “ So on one level, it’s like software security.

Artificial Intelligence 130

Artificial Intelligence CISO Software Government 130

Anton on Security

MAY 19, 2022

In this post, we will share our views on a foundational framework for thinking about threat detection in public cloud computing. To start, let’s remind our audience what we mean by threat detection and detection and response. This means new threats evolve, old threats disappear all the while the importance of many threats changes.

Threat Detection 299

Threat Detection Technology Backups Data breaches 299

eSecurity Planet

FEBRUARY 26, 2024

They’re particularly dangerous because it’s difficult for security or development teams to see an XSS vulnerability, and it’s also hard to see the effects of an attack until the ensuing breach is well underway. XSS attacks have multiple security and business risks, including credential theft and damaged company reputation.

Risk 104

Risk Financial Services Engineering Software 104

SecureWorld News

FEBRUARY 21, 2024

Our pivotal task lies in harmonizing innovation with robust security safeguards." Healthcare organizations would need to evaluate their AI for accuracy, fairness, and security—similar to testing new drugs for safety and efficacy before they reach patients. Here is Sen. Wyden's full statement before the U.S.

Healthcare 77

Healthcare Artificial Intelligence Government Penetration Testing 77

Security Affairs

JULY 26, 2021

Researchers Zhi Wang, Chaoge Liu, and Xiang Cui presented a technique to deliver malware through neural network models to evade the detection without impacting the performance of the network. The experts were able to select a layer within an already-trained model (i.e. The models were recognized as zip files by VirusTotal.

Malware 131

Malware Antivirus Artificial Intelligence Engineering 131

eSecurity Planet

FEBRUARY 13, 2023

Application security is the practice of securing software and data from hackers, whether that application comes from a third party or was developed in house, regardless of where it resides or how it’s accessed. How Does Application Security Work? What Are the Types of Application Security?

Mobile 98

Mobile Computers and Electronics Risk DDOS 98

eSecurity Planet

MAY 22, 2023

Security researchers recently published a paper detailing an attack they say can be used to bypass smartphone fingerprint authentication. Yiling He of China’s Zhejiang University and Yu Chen of Tencent Security’s Xuanwu Lab are calling the attack BrutePrint , which they say can be used to hijack fingerprint images.

Authentication 109

Authentication Encryption Password Management Antivirus 109

eSecurity Planet

APRIL 30, 2024

Setting up a firewall is the first step in securing your network. A successful firewall setup and deployment requires careful design, implementation, and maintenance to effectively improve your network integrity and data security. Take note of your security requirements, physical environment, and component interoperability.

Firewall 62

Firewall Architecture Firmware Risk 62

Anton on Security

FEBRUARY 5, 2024

If you are like us, you may be surprised that, in 2024, traditional security information and event management (SIEM) systems are still the backbone of most security operations centers (SOC). They may be unable to keep up with the latest threats or support the latest features and capabilities. are we a bit harsh here? Frankly no!

Threat Detection 100

Threat Detection Engineering Artificial Intelligence Risk 100

eSecurity Planet

JANUARY 20, 2023

Worse, the researchers found, ChatGPT can take the code produced and repeatedly mutate it, creating multiple versions of the same threat. “We believe these hackers are most likely trying to implement and test ChatGPT [for] their day-to-day criminal operations,” the researchers wrote.

Malware 143

Malware CISO Cybersecurity Technology 143

Security Affairs

DECEMBER 10, 2023

The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more. The severity significantly escalates if the DRIVING MODE is activated.

Accountability 137

Accountability Hacking Mobile Information Security 137

Adam Shostack

MAY 26, 2021

There’s an insightful comment , “Everybody has a testing environment. But much like you can only allow things to be broken if you have detection, response, and recovery when things break, you can move faster by when you’ve thought about the security framework that allows you to do that.

Architecture 130

Architecture Risk 130

Security Affairs

APRIL 14, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 113

Data breaches Social Engineering Malware Hacking 113

Google Security

MAY 26, 2021

Posted by Jon Markoff and Sean Smith, Android Security and Privacy Team Integrating security into your app development lifecycle can save a lot of time, money, and risk. That’s why we’ve launched Security by Design on Google Play Academy to help developers identify, mitigate, and proactively protect against security threats.

Encryption 133

Encryption Risk 133

ForAllSecure

MAY 19, 2023

As software development teams move towards a DevOps culture, security is becoming an increasingly important aspect of the development process. DevSecOps is a practice that integrates security into the DevOps workflow. According to GitLab’s 2022 Global DevSecOps Survey , there isn’t enough clarity around who owns security.

Software 52

Software Risk Insurance Healthcare 52

NetSpi Executives

OCTOBER 5, 2023

and as these changes are made it is normal for new threats to be introduced. It is critical that companies review these threats, ideally early in the planning phase, but also as an on-going practice throughout the product lifecycle to allow for information-based decision making with all needed data.

Penetration Testing 52

Penetration Testing Architecture Risk Technology 52

Security Affairs

DECEMBER 14, 2020

The SoReL-20M database includes a set of curated and labeled samples and security-relevant metadata that could be used as a training dataset for a machine learning engine used in anti-malware solutions. The availability of large and well-formed training sets is a major problem for the implementation of machine learning models.

Malware 122

Malware Threat Detection Engineering Hacking 122