Category: Information Security Buzz

Midsized to large organizations often employ a large number of tools and have many interconnected relationships with other organizations and external users. With a complex network of technologies, users, and partners, it can be challenging to maintain control over every…

Read more →

Espionage actors linked to China may be diversifying their operations, as new evidence points to the use of espionage tools in a recent ransomware attack against a South Asian software and services company.   Symantec Threat Intelligence reports that the attack,…

Read more →

The Inside Man is security training like no other. Now in its sixth season, KnowBe4’s Netflix-style security awareness video series boasts a compelling storyline, memorable characters, and, most noticeably, a budget other training providers could only dream of. But does…

Read more →

As people celebrate Valentine’s Day today, malicious actors are jumping on the love bandwagon in an opportunity to exploit heightened emotions and consumer spending with a wave of scam emails.  According to the latest findings from Bitdefender Antispam Lab, a…

Read more →

Storytelling is one of the most ancient and effective forms of human teaching. Just like prehistoric tales warned of the perils lurking in the wild, modern narratives can teach people about the perils lurking in cyberspace. We recently sat down…

Read more →

The growing momentum behind business innovation, particularly in the realm of AI and data, is increasingly driving how businesses operate, invest, and deliver value. Whilst this may not appear different from previous years, the proliferation of new technologies and tools…

Read more →

The Russia-linked threat actor known as Seashell Blizzard has assigned one of its subgroups to gain initial access to internet-facing infrastructure and establish long-term persistence within targeted entity, a Microsoft report has revealed.  Also dubbed APT44, BlackEnergy Lite, Sandworm, Telebots,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a new Secure by Design Alert warning about the risks posed by buffer overflow vulnerabilities in software.   The alert, titled “Eliminating Buffer Overflow Vulnerabilities,”…

Read more →

Small and medium-sized businesses are highly vulnerable to Business Email Compromise (BEC) attacks. Threat actors are evolving, exploiting human error and trust while leveraging automation tools and AI. To shed light on this evolving threat, Information Security Buzz spoke with…

Read more →

In the short time since its debut, DeepSeek has made waves in the AI industry, garnering praise as well as scrutiny. The model’s meteoric rise has fueled debate over its claimed efficiency, intellectual property worries, and its general reliability and…

Read more →

Ransomware payments decreased by 35.82% year-over-year (YoY) in 2024, research from Chainalysis has revealed. The blockchain analytics company attributes much of this decrease to increased law enforcement actions, improved international collaboration, and a growing refusal of victims to pay.   While,…

Read more →

The UK and the US have opted not to sign an international agreement on artificial intelligence (AI) at a global summit held in Paris. The declaration—endorsed by multiple countries including France, China, and India—commits to an “open,” “inclusive,” and “ethical”…

Read more →

As IT environments grow increasingly complex, the necessity for advanced security measures at the endpoint level has never been more critical. This year will bring a wave of new challenges and opportunities in cybersecurity. Two prominent trends that will shape…

Read more →

Cybercriminals are rapidly evolving their tactics for exploiting large language models (LLMs), with recent evidence showing a surge in LLMjacking incidents. Since Sysdig TRT first discovered LLMjacking in May 2024,  it says attackers have continuously adapted, targeting new models such…

Read more →

Organizations are increasingly prioritizing compliance due to recent regulatory requirements, such as those from the US Government regarding the sale of software to the US government and the EU’s Digital Operational Resilience Act (DORA).   This was one of the findings…

Read more →

Sectigo has introduced Sectigo PQC Labs, a testing platform developed in collaboration with Crypto4A, a provider of quantum-safe Hardware Security Modules (HSMs).   The platform aims to help companies prepare for the transition to post-quantum cryptography (PQC) by offering a secure…

Read more →

The software industry is full of surprises. From development to user experience, it`s a vast avenue of innovations, problem-solving, and security hurdles, driving to create a better and reliable digital landscape for everyone. We spoke with Paul Davis, Field CISO at JFrog,…

Read more →

Morphisec Threat Labs has uncovered cunning new delivery techniques used by ValleyRAT, a sophisticated multi-stage malware attributed to the Silver Fox APT.   The malware, which primarily targets key roles in finance, accounting, and sales, has evolved with updated tactics, techniques,…

Read more →

For long-time cybersecurity industry veterans, we’re in an age that once we never thought possible; cybersecurity has moved from a backroom, “IT-only” relegation to a top-of-mind business objective. Right where we always thought it should be. However, this new era…

Read more →

A recent security analysis conducted by Qualys, using its AualysTotalAI solution, has raised significant concerns about DeepSeek-RI’s risks, particularly in enterprise and regulatory settings.  The newly released large language model (LLM) has captured global attention with its promise of high…

Read more →