Hello aspiring AI whisperer! So, you've finally caved into peer pressure (or maybe your job straight-up told you it's on and poppin') and decided it is time to dip your …
Written by Peter Ramadan. Incident response (IR) is the backbone of any organization’s cybersecurity defense. For CIOs, CISOs, and Directors of Information Security, your IR procedures are well-established—but how efficient and …
Written by Peter RamadanRunning a successful security program isn’t some pleasant game of hopscotch—it’s a war, and the battlefield’s shifting under your feet every damn day. Long-term risk? That’s not …
Written by Peter Ramadan. CISSP Policy is the invisible thread that binds an organization together—a web of rules, subtle yet ironclad, dictating the commotion of the enterprises endeavors into some resembling …
Written by Peter RamadanWelcome to the first in a series of articles on giving your Security Operation Center (SOC) a serious path to success. The responsibility of leading a SOC …
Building From The Ground Up The idea of creating a security program from scratch crossed my mind many times before I had the chance to do it. When I landed into …
Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and …
Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) …
Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies …
When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make …
The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) …
Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a …
Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an …
On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) to any user in any email inbox in a …
A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. Lucid's unique …
Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question …
