Author: Josh Breaker Rolfe

Software supply chain company JFrog revealed on Monday that it had discovered 22 software vulnerabilities across 15 machine learning-related open-source software projects. The results, presented in JFrog’s latest ML Bug Bonanza blog, shed light on the security challenges organizations face as they accelerate AI and ML adoption and highlight the need for more robust protections. The blog post showcases the ten most severe server-side vulnerabilities and the techniques attackers are using to exploit them. According to the blog, those vulnerabilities would allow attackers to: “These vulnerabilities allow attackers to hijack important servers in the organization such as ML model registries,…

A staggering 70% of exploited vulnerabilities in 2023 were leveraged as zero days, meaning threat actors exploited the flaws in attacks before the impacted vendors knew of the bug’s existence or had been able to patch them. In addition, the average Time-to-Exploit (TTE) fell from 32 to just five days. These were two of the findings of new research that also revealed a shift in ratios between n-day (vulnerabilities first exploited after patches are available) and zero-day vulnerabilities in the past few years. Throughout 2021 and 2022, analysts observed a 38/62 split between n-day and zero-day vulnerabilities. By 2023, the…

A staggering 44% of CISOs were unable to detect a data breach in the last 12 months using existing security tools. Moreover, nearly three-quarters (70%) of CISOs feel their current security tools are ineffective at detecting breaches due to limited visibility. These were two of the findings of a recent report from Gigamon that surveyed more than 1000 global security and IT leaders. Modern cybersecurity is about differentiating between acceptable and unacceptable risk,” says Chaim Mazal, CSO at Gigamon. “Our research shows where CISOs are drawing that line, highlighting the critical importance of visibility into all data-in-motion to secure complex hybrid…

The Court of Justice for the European Union (CJEU) has ruled that Meta Platforms, the owner of Facebook, must minimize the amount of people’s data it uses for personalized advertising. “An online social network such as Facebook cannot use all the personal data obtained for the purposes of targeted advertising, without restriction as to time and without distinction as to type of data,” the CJEU said in a ruling last Friday. The ruling comes in response to a complaint made by privacy campaigner Max Schrems, who said he was targeted with adverts aimed at gay people despite never sharing information…

Ten years ago, ransomware actors mainly worked alone or in small groups, targeting home computer users through spam emails to encrypt personal files and demand relatively small amounts of cryptocurrency for their safe return. Today, many ransomware gangs operate like legitimate businesses, boasting hundreds of staff, targeting some of the world’s largest organizations, and collecting millions of dollars in ransom payments. However, some ransomware attackers are beginning to focus on individual users. This is a growing trend. A recent report from Chainalysis found that payments to ransomware gangs under $1000 increased significantly throughout 2022/23, with gangs like Dharma and Djvu…

Interoperability is the lifeblood of the modern healthcare sector. Effective patient care relies on the ability of disparate healthcare systems, devices, and applications to seamlessly access, exchange, and ultimately use data; without interoperability, this would not be possible. A failure of interoperability in a healthcare environment can have enormous consequences, ranging from the financial – such as increased healthcare costs – to the existential – including medication errors that put lives at risk. The Importance of Interoperability in Healthcare Before the introduction of electronic health records (EHR), the healthcare sector was, in many ways, unrecognizable from the one we know…

The past decade has been incredibly important for Security Operations Centers (SOCs). Technological advances, changes in attitudes, and a rapidly evolving threat landscape have completely transformed how SOCs operate, helped analysts and managers overcome many challenges, and kept attackers at bay. Let’s look at how. Automation and Orchestration The first transformative SOC development in the past decade came in the early 2010s when automation and orchestration technologies were integrated. This development coincided with a sharp increase in cyberattack volume and sophistication, prompting cybersecurity professionals to seek a more efficient and proactive approach to security incident management. By integrating automation and…

Stay in the Loop on Emerging and Evolving Email Threat TrendsIn today’s fast-paced digital world, it seems the only constant is change. Advances in technology lead to more sophisticated cyberthreats and more sophisticated defenses, making for a sort of arms race between cybersecurity experts and cybercriminals. This is why it is always important for cybersecurity and infosec professional to keep themselves informed on the digital landscape and threat trends. VIPRE Security Group has published their Email Threat Trends Report for Q1 of 2024, examining the most common, pressing, and harmful threats delivered via email. Using over 25 years of malware…

Securing data relies upon making sense of it. To achieve this, organizations rely on two key concepts: Data Mapping and Data Lineage. While these terms are often used interchangeably, they refer to distinct processes with different objectives and implications. This article will explore the differences between Data Mapping and Data Lineage to help you better understand their roles and significance in data management. What is Data Mapping? Data Mapping defines how data elements from one system or source correspond to data elements in another method or destination. It is the blueprint for data integration, enabling organizations to transfer data seamlessly…

REST and SOAP APIs are the two most common application protocols that define how to build application programming interfaces (APIs). While they share some similarities, there are critical differences that organizations must understand to secure their REST and SOAP APIs properly. What is SOAP? Simple Object Access Protocol (SOAP) is a message protocol that allows applications built with different languages and on other platforms to communicate. Designed to be flexible and independent, SOAP enables developers to add features and functions to SOAP APIs regardless of their language. While SOAP imposes rules that increase complexity and overheads, resulting in slower load…