For decades, businesses have employed penetration testing, simulating cyberattacks on their IT systems—to uncover vulnerabilities that hackers could exploit. Traditionally, this process was manual, requiring skilled professionals to probe defenses meticulously, look for any chink in the security armor, and use creativity, technical expertise, and an understanding of attacker strategies. While effective, manual testing can be time-consuming and costly. Today, technological advancements, including artificial intelligence (AI) and machine learning, have transformed the landscape. Automated network penetration testing tools streamline vulnerability discovery by scripting repetitive tasks and running them on a schedule, making regular testing more accessible, even for smaller organizations.…
Author: Dilki Rathnayake
Dilki Rathnayake is a cybersecurity content writer and the Managing Editor at Information Security Buzz, with a BSc in Cybersecurity and Digital Forensics. She is skilled in computer network security and Linux system administration. Dilki has also led awareness programs and volunteered for communities promoting best practices for online safety.
In July 2024, the City of Columbus, Ohio, experienced a ransomware attack that exposed the personal information of approximately 500,000 residents. While officials quickly took systems offline to contain the incident and reported halting the attack before ransomware encryption could be deployed, stolen data soon surfaced on the dark web. The city later filed a lawsuit against David Leroy Ross, a security researcher known as Connor Goodwolf, who publicly claimed that resident information had been compromised. The city of Columbus argued that Ross’s statements, shared with local media, posed a risk to sensitive data disclosure during the ongoing investigation. Nearly…
VIPRE Security Group’s Q3 2024 Email Threat Trends Report reveals the increasing sophistication of email-based threats, particularly business email compromise (BEC) and malspam campaigns, which have intensified across industries. Analyzing 1.8 billion emails globally, of which 208 million were identified as malicious. As email security advances, cybercriminals are using more sophisticated tactics to evade detection. They often disguise harmful attachments, such as PDFs and DOCX files, as harmless voicemails or urgent security updates to trick recipients. VIPRE’s Chief Product and Technology Officer, Usman Choudhary, commented, “BEC and phishing attacks are becoming more targeted and convincing, highlighting the critical need for…
In today’s fast-evolving digital landscape, Cybersecurity Advisory Boards (CABs) are essential in assisting organizations in navigating the complexities of today’s digital environment. By bringing together industry leaders, CABs provide strategic insights, foster collaboration, and ensure cybersecurity strategies stay ahead of emerging threats. We spoke with Security Sisters Network TM (SSN) about the importance of CABs in the industry. SSN is a small, woman-owned business with a global network of over 18,000 CXOs. SSN emphasizes advocacy, networking, and relationship-building within the cybersecurity sector. SSN creates deep, lasting partnerships with key CXOs by focusing on targeted, high-touch interactions. Their flagship programs develop…
In the complex world of compliance, professionals deal with many responsibilities that go well beyond just cybersecurity. Compliance can encompass areas such as financial regulations, anti-money laundering practices, and safety standards, each requiring its own set of specialized skills; however, a fundamental understanding of cybersecurity principles becomes essential when the focus shifts to cybersecurity compliance. Unfortunately, many compliance professionals have only basic or novice skills in technology, which is a crucial area of understanding. Dilki Rathnayake, the managing editor of Information Security Buzz, spoke to Jay Trinckes, CISO of Thoropass, to discuss the reasons behind this skills gap, the role…
Digital Rights Management (DRM) systems are a crucial tool for protecting digital content from unauthorized access or reproduction. Whether you’re a content creator looking to protect your intellectual property or a business looking to protect revenue streams, DRM is an essential consideration. In this article, we’ll explore the various types of DRM systems, the benefits and challenges of using them, and best practices for implementing DRM to safeguard against unauthorized access or reproduction of protected content. Introduction to Digital Rights Management At its core, Digital Rights Management is a set of technologies and techniques that are used to protect digital…
