Geek-Guy.com

Category: Cybersecurity

Auto Added by WPeMatico

Cloudflare rolls out post-quantum encryption for enterprise users

Internet security company Cloudflare, the world’s largest DDoS-mitigation service, plans to shift a sizable chunk of its traffic through post-quantum encrypted services over the next year. Approximately 35% of human-directed web traffic to Cloudflare’s network is currently protected through advanced encryption algorithms. These algorithms are theoretically designed to withstand attacks from significantly  more powerful quantum…

Tackling Data Overload: Strategies for Effective Vulnerability Remediation

In part one of our three part series with PlexTrac, we address the challenges of data overload in vulnerability remediation. Tom hosts Dahvid Schloss, co-founder and course creator at Emulated Criminals, and Dan DeCloss, CTO and founder of PlexTrac. They share their expertise on the key data and workflow hurdles that security teams face today.…

BSides Exeter 2024 – Blue Track – Lessons From The ISOON Leaks

Authors/Presenters: Will Thomas & Morgan Brazier Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel. Permalink The post BSides Exeter 2024 – Blue Track – Lessons From The ISOON Leaks appeared first on Security Boulevard.

How can cloud security architectures incorporate NHI protection?

Are Your Cloud Security Architectures Adequate for NHI Protection? The spotlight is often on human identity protection. But have you ever considered the protection of Non-Human Identities (NHIs)? This is quickly becoming a critical point of discussion. But what exactly are NHIs, and why do they matter? NHIs are machine identities used in cybersecurity, created…

BSides Exeter 2024 – Blue Track – DFIR – Ctrl+Alt+Defeat: Using Threat Intelligence To Navigate The Cyber Battlefield

Authors/Presenters: Sophia McCall Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel. Permalink The post BSides Exeter 2024 – Blue Track – DFIR – Ctrl+Alt+Defeat: Using Threat Intelligence To Navigate The Cyber Battlefield appeared first on Security Boulevard.

Invisible C2 — thanks to AI-powered techniques

Invisible C2 — thanks to AI-powered techniques Just about every cyberattack needs a Command and Control (C2) channel — a way for attackers to send instructions to compromised systems and receive stolen data. This gives us all a chance to see attacks that are putting us at risk. LLMs can help attackers avoid signature based detection Traditionally, C2 traffic might…

How do I troubleshoot common issues with NHI automation?

Do NHIs and Secret Management Play a Vital Role in Cloud Security? If you’ve found yourself grappling with this question, you’re not alone. Machine identities, known as Non-Human Identities (NHIs), are swiftly gaining traction in the world of cybersecurity. If managed effectively, they can play a critical role in enhancing cloud security and control. To…

What are the benefits of automating the NHI lifecycle in DevOps?

The Ongoing Challenge of Managing Non-Human Identities How can organizations bolster their cybersecurity plans and stay ahead of the game? One crucial strategy could be the efficient management of Non-Human Identities (NHIs). However, the task of manually managing these NHIs and their secrets can be daunting and time-consuming, especially for organizations that operate in complex…

BSides Exeter 2024 – Blue Track – DFIR – Tracking TTP Changes Of SocGhoulish

Author/Presenter: Chris Morgan Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel. Permalink The post BSides Exeter 2024 – Blue Track – DFIR – Tracking TTP Changes Of SocGhoulish appeared first on Security Boulevard.

Water utilities would get cybersecurity boost under bipartisan Senate bill

Small water and wastewater utilities would get a boost to their cybersecurity defenses under a bipartisan Senate bill that a pair of lawmakers re-introduced Thursday. Sens. Catherine Cortez Masto, D-Nev., and Mike Rounds, R-S.D., are taking another swing at the Cybersecurity for Rural Water Systems Act after the legislation stalled out in the 118th Congress.…

BSides Exeter 2024 – Blue Track – DFIR – Digital Hostage: Navigating Ransomware Realities

Author/Presenter: Luke Weatherburn-Bird Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel. Permalink The post BSides Exeter 2024 – Blue Track – DFIR – Digital Hostage: Navigating Ransomware Realities appeared first on Security Boulevard.

How can I integrate automated NHI auditing into our pipeline?

How Can Automated NHI Auditing Enhance Your Cybersecurity Strategy? Is your organization struggling with managing the ever-increasing volume of Non-Human Identities (NHIs) within your IT infrastructure? The NHI universe comprises machine identities created by combining a unique identifier or ‘Secret’ and the permissions granted to that Secret by a destination server. The challenge lies in…

What security considerations should I keep in mind for NHI automation?

Why are Security Considerations Essential for Non-Human Identities Automation? The age of automation has dawned upon us. Automation carries the promise of immense business benefits, yet, it brings forth its own set of security challenges. For organizations heavily invested in leveraging Non-Human Identities (NHIs) for automation, how can these security considerations be comprehensively addressed and…

What role do APIs play in automating NHI management?

Could API Automation Be The Missing Piece In Your NHI Management? One critical question stands out: Could the underutilized potential of API automation be the missing piece in your Non-Human Identities (NHI) management strategy? With the increasing complexity of cloud environments and the mounting demand for robust security measures, the answer is a resounding yes.…

BSides Exeter 2024 – Blue Track – DFIR – Are We There Yet?

Author/Presenter: James Phillips Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel. Permalink The post BSides Exeter 2024 – Blue Track – DFIR – Are We There Yet? appeared first on Security Boulevard.

Lazarus Group deceives developers with 6 new malicious npm packages

Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post. The North Korea-linked threat group embedded BeaverTail malware into the npm packages to install backdoors and steal credentials and data…

Executive Perspectives: The Cybersecurity Leadership Landscape with Ryan Surry

In the latest episode of Axio’s Executive Insight Series, CEO Scott Kannry sits down with Ryan Surry, Founder and Managing Director of Intaso, to discuss the evolving role of security Read More The post Executive Perspectives: The Cybersecurity Leadership Landscape with Ryan Surry appeared first on Axio. The post Executive Perspectives: The Cybersecurity Leadership Landscape…

How do I secure dynamic NHIs in a microservices architecture?

Should We Be Concerned About the Security of Dynamic NHIs in a Microservices Architecture? The advent of dynamic Non-Human Identities (NHIs) in a microservices architecture has undoubtedly added a new dimension to cybersecurity. But with this innovation comes an increased vulnerability. So, is the security of your dynamic NHIs something we should be worried about?…

Legislative push for child online safety runs afoul of encryption advocates (again)

Two members of the Senate Judiciary Committee are preparing to introduce  a bipartisan bill that would mandate tech companies to more swiftly report and remove child sexual abuse material hosted on their platforms, but critics warn it could result in the weakening or elimination of encrypted messaging services that many Americans rely on. The Stop…

Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days

Microsoft’s March 2025 Patch Tuesday includes six actively exploited zero-day vulnerabilities. Learn about the critical vulnerabilities and why immediate updates are essential.

BSides Exeter 2024 – Purple Track – The Ransomware Negotiation Dilemma: The Pros And Cons Of Negotiation Strategies

Author/Presenter: Richard Foster Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel. Permalink The post BSides Exeter 2024 – Purple Track – The Ransomware Negotiation Dilemma: The Pros And Cons Of Negotiation Strategies appeared first on Security Boulevard.

Microsoft patches 57 vulnerabilities, including 6 zero-days

Microsoft patched 57 vulnerabilities affecting its foundational systems and core products, including six actively exploited zero-day vulnerabilities, the company said in its latest security update Tuesday. Four of the six zero-days, which were all added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog, are high-severity on the CVSS scale.  The software defects…

Apple discloses zero-day vulnerability, releases emergency patches

Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine.  Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of Webkit’s Web Content sandbox, potentially leading to unauthorized actions. The sandbox is a security feature that isolates untrusted web content in order to prevent…

X suffered a DDoS attack. Its CEO and security researchers can’t agree on who did it.

Social media service X was hit by a series of distributed denial-of-service attacks Monday, which rendered the platform formerly known as Twitter inaccessible at times for users with intermittent outages and errors, according to researchers. The cause of those attacks has been much harder to discern. Elon Musk, the site’s owner, described the incident as…

BSides Exeter 2024 – Purple Track – Exercise Army Cyber Spartan

Author/Presenter: Ben Helliwell Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel. Permalink The post BSides Exeter 2024 – Purple Track – Exercise Army Cyber Spartan appeared first on Security Boulevard.

New York sues Allstate and subsidiaries for back-to-back data breaches

Allstate and several of the insurance company’s subsidiaries were accused of poor security practices resulting in data breaches in 2020 and 2021 that exposed sensitive data on nearly 200,000 people, the New York State Attorney General office said in a lawsuit filed Monday.  National General, an insurance company Allstate acquired for $4 billion in 2021,…

Sean Plankey picked by Trump to be CISA director 

President Donald Trump nominated Sean Plankey to head the Cybersecurity and Infrastructure Security Committee on Tuesday, the last major piece to fall into place for cybersecurity leadership in his administration. Plankey served in the first Trump administration, holding a few posts with cyber responsibilities. He was the principal deputy assistant secretary for the Energy Department’s…

Sola emerges from stealth with $30M to build the ‘Stripe for security’

Enterprises these days can choose from hundreds of apps and services available to secure their networks, data and assets — nearly as many more to help them manage all the alerts and extra work that those security apps generate. But what if you could build your own apps, customised to your own workloads, to simplify…

How can I secure NHIs during rapid deployment cycles?

Are Your Machine Identities Adequately Protected During Rapid Deployment Cycles? Organizations across industries are leveraging the unprecedented benefits of the cloud. Financial services, healthcare, travel, and tech-driven sectors like DevOps and SOC teams are especially invested. However, this adoption isn’t without its unique set of challenges. One pertinent question is, how can organizations secure Non-Human…

What solutions support automated NHI lifecycle management?

Can Automated Non-Human Identities Lifecycle Management Lead to Better Cybersecurity? The fast-paced digital necessitates the use of automated processes in many areas, including cybersecurity. One such process, Non-Human Identities (NHIs) lifecycle management, has been gaining traction in recent years. But can comprehensive, automated NHI lifecycle management really provide the cybersecurity edge organizations seek? Data-driven insights…

BSides Exeter 2024 – Purple Track – Tales Of DOMinica

Author/Presenter:Liam Follin Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel. Permalink The post BSides Exeter 2024 – Purple Track – Tales Of DOMinica appeared first on Security Boulevard.

BSides Exeter 2024 – Purple Track – Panel: Mythbusting The Silver Bullet

Authors/Presenters: Panel Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel. Permalink The post BSides Exeter 2024 – Purple Track – Panel: Mythbusting The Silver Bullet appeared first on Security Boulevard.

Trump Administration and the Russian Cyber Threat, Firefox Privacy Changes

In this episode, we discuss whether the Trump administration ordered the U.S. Cyber Command and CISA to stand down on the Russian cyber threat. We also touch on the Canadian tariff situation with insights from Scott Wright. Additionally, we discuss the recent changes to Firefox’s privacy policy and what it means for user data. **…

What are the cost implications of advanced NHI protection?

What is the True Cost of Not Investing in Non-Human Identities Protection? Non-Human Identities (NHIs) are increasingly significant where automated operations and cloud-based infrastructures dominate. But what happens when businesses overlook the value of advanced NHI protection? What are the financial implications your organization can face if such protection is not put in place? These…

How do I measure the effectiveness of our NHI security measures?

A Perplexing Dilemma or a Solvable Query? Have you ever puzzled over how to measure the effectiveness of Non-Human Identities (NHIs) security in your organization? You understand the importance of NHIs. But quantifying their security effectiveness remains crucial yet challenging. Grasping the Depth of NHIs Let’s briefly revisit the essence of NHIs. NHIs comprise a…

BSides Exeter 2024 – Keynote: Matt Broomhall & Richard DeVere

Authors/Presenters: Matt Broomhall & Richard DeVere Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel. Permalink The post BSides Exeter 2024 – Keynote: Matt Broomhall & Richard DeVere appeared first on Security Boulevard.

How can NHI risks be reduced without compromising system performance?

Are your Non-Human Identities (NHIs) and Secrets effectively managed? NHIs and Secrets have emerged as crucial elements. However, the question looms: are these entities being effectively managed to reduce risks without compromising system performance? Understanding the Critical Role of NHIs and Secrets NHIs are machine identities used in cybersecurity, akin to digital passports that provide…

BSides Exeter 2024 – Keynote: Flushing Away Preconceptions Of Risk

Author/Presenter: Thom Langford Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel. Permalink The post BSides Exeter 2024 – Keynote: Flushing Away Preconceptions Of Risk appeared first on Security Boulevard.

What are the best governance practices for managing NHIs?

What Drives the Need for Effective Non-Human Identities (NHIs) Governance Practices? Are we really addressing the potential dangers that lurk behind poorly managed non-human identities (NHIs)? With a sharp increase in the interconnectedness of modern systems, the importance of proper NHIs management cannot be overstated. Organizations need to incorporate NHIs and secrets management into their…

How can NHIs affect our overall threat landscape?

Are We Overlooking Non-Human Identities in Our Cybersecurity Strategy? How often do we give due consideration to the Non-Human Identities (NHIs)? The role of NHIs and their ‘secrets’ management in creating a robust and secure IT infrastructure is often underestimated. NHIs, primarily machine identities, form the backbone of secure transactions. They are, in a way,…

How do I prioritize NHI risks in boardroom discussions?

Why is Risk Prioritization of Non-Human Identities Essential in Boardroom Discussions? Cybersecurity continues to command greater attention in organizational hierarchies, understanding the significance of Non-Human Identities (NHIs) risk prioritization becomes crucial. NHIs, defined as machine identities used in cybersecurity, provide a unique identifier similar to a passport. They play a monumental role in ensuring a…

BSides Exeter 2024 – Keynote: Become A Better Security Engineer (By Not Doing Security)

Author/Presenter: Kane Narraway Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel. Permalink The post BSides Exeter 2024 – Keynote: Become A Better Security Engineer (By Not Doing Security) appeared first on Security Boulevard.

CISA completed its election security review. It won’t make the results public

When the Trump administration began sidelining and laying off personnel at the Cybersecurity and Infrastructure Security Agency, it started by targeting employees who worked on election security and disinformation. At the same time, the Department Homeland Security announced it would conduct a comprehensive review of CISA’s election security mission. This week, the agency confirmed that…

Ransomware poseurs are trying to extort businesses through physical letters

The FBI and threat researchers are warning executives to be on the lookout for physical letters in the mail threatening to leak sensitive corporate data.  The letters, which are stamped “time sensitive read immediately” and shipped directly to executives through the Postal Service, are part of a nationwide scam designed to extort victims into paying…

Russian crypto exchange Garantex seized in international law enforcement operation

U.S. and European law enforcement agencies have seized the infrastructure of Garantex, a cryptocurrency exchange accused of laundering billions in criminal proceeds, in a sweeping international operation that signals heightened focus on illicit financial flows in cryptocurrency markets. According to Justice Department documents unsealed Friday, the Moscow-based exchange processed approximately $96 billion in cryptocurrency transactions…

How can NHIs be incorporated into our overall security strategy?

Do Non-Human Identities Play a Significant Role in Our Security Strategy? Indeed, they do. Non-Human Identities (NHIs) are becoming increasingly crucial in the security scenario and their importance in corporate IT ecosystems can’t be overstressed. Incorporating them into your overall cybersecurity strategy has proven to help organizations fortify their infrastructure against potential threats and vulnerabilities,…

What are the key security controls for NHIs at the executive level?

Why Should CISOs Consider Non-Human Identities Security Controls? Did you know NHIs represent a significant portion of all entities in a typical network environment? A lack of robust Non-Human Identities (NHIs) security controls can pose significant threats to data integrity and system security in any organization. You must be wondering – What are the key…

What role do NHIs play in our organization’s security posture?

What Essential Role Do Non-Human Identities (NHIs) Play in Our Organization’s Security Posture? When our world increasingly moves towards digitalization, one quite critical question that could be floating around your mind is, “What is the significance of NHIs in enhancing our security posture?” The answer to this question lies deeply rooted in understanding NHIs and…

How can I align NHI management with our digital transformation initiatives?

Why is Non-Human Identities Management Critical for Digital Transformation? Have you ever considered the sheer quantity of non-human identities (NHIs) that exist within your corporate network? These NHIs, also known as machine identities, play an integral role but are often overlooked. When organizations increasingly leverage cloud-based solutions in their digital transformation journey, the successful management…

Armis buys Otorio for $120M to beef up cybersecurity in physical spaces

More consolidation is playing out in the security industry as platform players scoop up technology to give them deeper expertise in growing business areas. On Thursday, Armis, a $4.2 billion specialist in cyber exposure management, said it would be acquiring Otorio, a specialist in securing industrial and physical environments.  Terms of the deal are not…

Silk Typhoon shifted to specifically targeting IT management companies

The Chinese state-backed threat group Silk Typhoon shifted tactics in late 2024 to broaden access and enable follow-on attacks against downstream customers of its initial targets, Microsoft Threat Intelligence said in a blog released Wednesday.  The Chinese espionage group, which is also known as APT27, has abused stolen API keys and credentials for privileged access…

What are the latest trends in NHI protection for CIOs?

Are CIOs Prepared for the Rising NHI Trends? When the cloud environment evolves to deliver seamless business solutions, it brings along unique challenges in terms of data security. Needless to say, managing Non-Human Identities (NHIs) has become a primary concern for CIOs, with the rising trends signalling the urgent need for advanced protection strategies. Are…

What are the risks of unmanaged NHIs in enterprise environments?

Are Unmanaged Non-Human Identities (NHIs) Jeopardizing Your Enterprise Environment? With cloud-native applications, AI technologies, and IoT devices permeating modern enterprises, Non-Human Identities (NHIs) have become critical components. But what happens when these NHIs are left unmanaged? Do you comprehend the risks associated with unmanaged NHIs in your enterprise environment? The Unseen Threat of Unmanaged Non-Human…

How can executive teams ensure NHI compliance with industry standards?

Why is Compliance Crucial for Non-Human Identities? Executive teams often face an array of complex challenges. One such challenge concerns Non-Human Identities (NHIs) compliance. So, why is it essential to get this right? Non-Human Identities are machine identities used in cybersecurity, which are created by combining a “Secret” (an encrypted password, token, or key) and…

US indicts 12 Chinese nationals for vast espionage attack spree

The Justice Department on Wednesday indicted 12 Chinese nationals for their alleged involvement in an extensive nation-state-backed espionage campaign that included a spree of attacks on U.S. federal and state agencies, including the late 2024 attack targeting the Treasury Department.  Officials accused the Chinese individuals, including two officers of China’s Ministry of Public Security, eight…

Former NSA official says federal worker cuts will have ‘devastating impact’ on cyber and national security

Former top U.S. cybersecurity official Rob Joyce told lawmakers on Wednesday that cuts to federal probationary employees will have a “devastating impact” on U.S. national security. Joyce, who was the director of cybersecurity for the National Security Agency until retiring in 2024, was providing testimony to the U.S. House Committee on the Chinese Communist Party,…

Cybercriminals picked up the pace on attacks last year

Threat actors became increasingly efficient last year, rapidly achieving lateral movement and swiftly stealing data at a faster clip than ever before, according to multiple threat intelligence firms.  The reduced time frame is a clear indicator that cybercriminals are constantly improving their ability to be successful. With the abuse of legitimate system tools to help…

Chainguard’s FIPS-compliant Cassandra addresses security demand of federal and regulated markets

Open-source software security firm Chainguard announced Wednesday that it is now building FIPS-validated images for Apache Cassandra, achieving what it describes as a first-of-its-kind accomplishment in the open-source community.  The project enables organizations in regulated industries — including government, health care, and finance — to deploy Cassandra with cryptographic libraries compliant with the National Institute…

WordPress Appliance - Powered by TurnKey Linux