Despite their illicit activities, ransomware groups invest in custom infrastructure and maintain stringent security practices, often surpassing Fortune 100 companies. Vangelis Stykas, CTO of Atropos, explains why ransomware infrastructure is harder to exploit than enterprise systems.
Scattered Spider, a notorious cyberthreat group, has continued its operations despite a series of high-profile arrests. The group's decentralized structure, in which members operate independently, contributes to its resilience, said Malachi Walker, security adviser at DomainTools.
SQL vulnerabilities continue to plague modern applications due to their severe impact and frequent occurrence. Databases hold valuable information such as customer data and authentication details and are "high-value targets" for attackers, said Paul Gerste, vulnerability researcher at SonarSource.
AI-assisted coding tools can speed up code production but often replicate existing vulnerabilities when built on poor-quality code bases. Snyk's Randall Degges discusses why developers must prioritize code base quality to maximize the benefits and minimize the risks of using AI tools.
When developers make Amazon Machine Images public, they risk exposing sensitive data and creating vulnerabilities. Security experts Matei Josephs and Eduard Agavriloae explain how attackers can exploit these exposures, leading to unauthorized access and potential data breaches.
Data integrity, collection, analytics - they all are essential for compliance reporting, and yet each remains a challenge for enterprises across business sectors. Siva Vrs of Wipro discussed the pain points with compliance in the cloud era and Wipro's partnership with AWS to alleviate them.
Centralized architecture in the automotive industry streamlines cybersecurity and supply chain operations by reducing hardware components and enabling quicker fixes. But that centralization also poses major cybersecurity challenges, said Thomas Sermpinis, technical director at Auxilium Pentest Labs.
In the latest weekly update, ISMG editors discussed the evolving disclosure responsibilities of CISOs, yet another ransomware attack targeting the healthcare sector, and Mimecast's latest strategic acquisition as part of its broader expansion efforts.
A U.S. strategy for cybersecurity seeks to move responsibility for cybersecurity from individual users to large tech companies. Researchers Alex O'Neill and Lachlan Price explain the global implications of this shift and how corporations such as Google and Microsoft are taking the lead.
As artificial intelligence technology continues to evolve, security professionals have become involved in areas that traditionally weren't their concern such as preventing biases in decision-making, said Nathan Hamiel, senior director of research at Kudelski Security.
Dating apps collect and sell user location data, leading to significant privacy risks. Users are vulnerable to stalking, harassment and even prosecution in certain countries, says Victor Le Pochat, postdoctoral researcher at KU Leuven. Pochat and Dhont called for improved data protection measures.
Generative AI tools boost developer productivity, but they also generate code with similar vulnerability rates as human developers. Chris Wysopal, co-founder and CTO of Veracode, explains why enterprises must treat AI-generated code with caution and automate security testing.
The CrowdStrike outage exposed recovery challenges, highlighting cloud systems' resilience over physical infrastructure. Jonathan Hatzor, co-founder and CEO of Parametrix, advises CIOs and CISOs on strategies that can effectively manage, mitigate and transfer risks.
AI's influence on social engineering and election security has become a focal point at Black Hat. ISMG editors discuss how advanced technologies are making it easier to manipulate people and compromise security systems and offer key insights on machine learning vulnerabilities.
Artificial intelligence, much like when the internet became public, is simultaneously the most overhyped and underhyped technology in history, said Sam Curry, vice president and CISO at Zscaler. Its application in cyber defense is still evolving.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.