The holidays are a time for joy, connection, and giving, but amidst the festive cheer lies a growing cyber threat that’s anything but jolly. As we fill our online shopping carts with gifts for loved ones, scammers are busy crafting their own presents—persuasive, GenAI-generated phishing emails and ads designed to steal your personal information, financial data, and peace of mind. In the spirit of the season, let’s unwrap the truth about these scams and learn how to keep our celebrations secure. The Rise of GenAI-Powered Scams Gone are the days of poorly written phishing emails that could be spotted from…
Author: Anastasios Arampatzis
On 20 November 2024, the EU Cyber Resilience Act (CRA) was published in the Official Journal of the EU, kicking off the phased implementation of the CRA obligations. The European Union has introduced the Cyber Resilience Act to bolster the cybersecurity of connected devices and software products within its jurisdiction. The CRA is a harmonizing EU regulation, the first of its kind focusing on safeguarding consumers and businesses from cybersecurity threats. It is a key element of the EU’s Cybersecurity Strategy for the Digital Decade. CRA is an EU Regulation similar to the GDPR and the EU AI Act. It is, therefore, directly…
Artificial intelligence (AI) is transforming industries at an unprecedented pace, offering solutions to some of the world’s most complex challenges. But with its immense potential come significant risks—bias, discrimination, data privacy breaches, and security vulnerabilities. Governments worldwide have enacted AI regulations that balance innovation with trustworthiness and accountability to address these risks. While these regulations are crucial for building public trust, their variety and complexity can make compliance a daunting task for businesses operating across borders. The AI Regulations Tracker 2025, developed by the Bora cybersecurity marketing and Information Security Buzz team of experts, is a vital tool for companies…
In an era of increasingly sophisticated cyber threats, the U.S. Department of Defense (DoD) has introduced the Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) to bolster the cybersecurity posture of its Defense Industrial Base (DIB). This updated framework aims to ensure that contractors and subcontractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) implement robust cybersecurity practices. Understanding CMMC 2.0 CMMC 2.0 is an enhanced version of the original CMMC framework, streamlining the model from five to three cybersecurity maturity levels. Each level aligns with established National Institute of Standards and Technology (NIST) cybersecurity standards, namely NIST SP…
In today’s digital-first world, APIs are the lifelines connecting different software applications, enabling seamless interactions and data exchange. As businesses increasingly adopt digital transformation strategies, the reliance on APIs has skyrocketed. However, this growing dependency comes with its own set of risks. API security breaches are not just a technical nuisance; they are a substantial business risk with far-reaching consequences. But what exactly does this mean for your business? And why should API security be more than a footnote in your digital strategy? Let’s dive in to uncover the critical importance of fortifying your APIs. Understanding API Security API Security:…
The National Institute of Standards and Technology (NIST) has published its initial draft strategy, Internal Report (IR) 8547, titled “Transition to Post-Quantum Cryptography Standards.” This draft outlines NIST’s strategy for migrating from current cryptographic algorithms vulnerable to quantum computing attacks to quantum-resistant alternatives. Published on November 12, 2024, it is open for comments until January 10, 2025. The report details a phased approach to PQC adoption and underscores the urgency of securing critical systems before quantum computing capabilities emerge. The Need for Post-Quantum Cryptography Cryptographic algorithms are vital for safeguarding confidential digital information from unauthorized access. For decades, these…
Despite cyber risk growing at an alarming rate, a recent global study from Trend Micro highlights that many organizations are failing to implement adequate cybersecurity measures due to a lack of strategic leadership and investment. Key Findings of the Report According to the study, which surveyed 2,600 IT leaders across regions including North America, Europe, and APAC, cybersecurity gaps are widening as the attack surface expands. In 2023, Trend Micro blocked 161 billion threats, marking a 10% increase from the previous year. However, despite the surge in digital threats, leadership across many organizations remains indifferent to the severity of these…
The United Nations (UN) Secretary-General’s High-level Advisory Body on Artificial Intelligence (HLAB-AI) released a comprehensive report titled “Governing AI for Humanity,” which proposes global governance mechanisms for Artificial Intelligence (AI). The report is based on extensive consultations and presents a framework aimed at addressing AI’s risks while maximizing its benefits for humanity. With AI’s rapid evolution, the need for a cohesive, global approach to governance has become critical. Global Governance Gaps in AI The report highlights that only seven of the UN’s 193 Member States participate in prominent AI governance initiatives. With no comprehensive global framework in place, decisions about…
The European Union Agency for Cybersecurity (ENISA) has released its annual Threat Landscape report for 2024, providing crucial insights into the evolving cybersecurity challenges facing the EU. Here are the key takeaways: Prime Threats Remain Consistent Denial of Service (DDoS) attacks and ransomware continue to dominate the threat landscape, accounting for over half of observed incidents. Other significant threats include malware, social engineering, data breaches, and information manipulation. Geopolitical Factors Drive Cyber Activity Ongoing regional conflicts and major events like the European elections have fueled increased cyber operations, particularly from state-nexus actors and hacktivists. The line between these groups is…
Cybersecurity has moved to the top of every CIO’s agenda in the last few years as organizations in every industry battle to navigate an increasingly complex threat landscape. Adversaries are more well-funded and determined than ever, and their tools are growing in persistence and sophistication. At the same time, the distributed workforces that arrived with the pandemic have widened the attack surface exponentially, introducing new vulnerabilities, and presenting attackers with a slew of new vectors to gain a foothold on corporate networks. From sophisticated malefactors to opportunistic malware, there are many risks. In this blog, we’ll delve into the common vulnerabilities and…