Bridging the Cybersecurity Gap between Web2 and Web3 - an Incident-Based Analysis of Organizational and Application-Level Security Failures

The rapid adoption of Web3 infrastructures has led to a growing number of security incidents affecting cryptocurrency exchanges, custody services and blockchain-based platforms. While existing research predominantly focuses on vulnerabilities in smart contracts and blockchain protocols, a...

Towards Modeling Cybersecurity Behavior of Humans in Organizations

We undertake a comprehensive and structured synthesis of the drivers of human behavior in cybersecurity, focusing specifically on people within organizations i.e., especially employees in companies, and integrate key concepts such as awareness, security culture, and usability into a coherent...

EUVD-2024-22468

Malicious code in bioql PyPI...

EUVD-2022-24666

Malicious code in bioql PyPI...

The Signalgate Case Is Waiving a Red Flag to All Organizational and Behavioral Cybersecurity Leaders, Practitioners, and Researchers: Are We Receiving the Signal Amidst the Noise?

The Signalgate incident of March 2025, wherein senior US national security officials inadvertently disclosed sensitive military operational details via the encrypted messaging platform Signal, highlights critical vulnerabilities in organizational security arising from human error, governance gaps...

Lunary Authorization Issues Vulnerability

lunary is a production toolkit for LLM. An authorization issue vulnerability exists in lunary that arises from allowing unauthorized users to access and manipulate items within an organization that should not be accessible. No detailed vulnerability details are provided at this time...

How Red Team Exercises Increases Your Cyber Health

Delve into the world of red team exercises, their vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks, and understand the need for regular testing and improvement to counter evolving threats effective...

Generative AI Security - Secure Your Business in a World Powered by LLMs

Did you know that 79% of organizations are already leveraging Generative AI technologies? Much like the internet defined the 90s and the cloud revolutionized the 2010s, we are now in the era of Large Language Models LLMs and Generative AI. The potential of Generative AI is immense, yet it brings...

CVE-2024-25106 OpenObserve Unauthorized Access Vulnerability in Users API

OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/orgid/users/emailid" endpoint. This vulnerability allows any authenticated user within an organization to...

[eBook] The Ultimate Security for Management Presentation Template

Are you a CISO, CIO, or IT Director? In your role, you're responsible for breach protection – which means you oversee and govern the process of designing, building, maintaining, and continuously enhancing your organization's security program. But getting buy-in from leadership can be difficult wh...

Preparing for denial-of-service attacks with Talos Incident Response

By Yuri Kramarz. Over the years, several extorsion-style and politically motivated denial-of-service attacks increased and still pose a threat to businesses and organizations of any size that can find themselves in the crosshairs of various malicious campaigns. A detailed... This is only the...

2022 Planning: Simplifying Complex Cybersecurity Regulations

Compliance does not equal security, but it’s also true that a strong cybersecurity program meets many compliance obligations. How can we communicate industry regulatory requirements in a more straightforward way that enhances understanding while saving time and effort? How can we more easily...

3.1M Neiman Marcus Customer Card Details Breached

Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May 2020. It took 17 months for the retailer to notice. Just...

The Coronavirus is Already Taking Effect on Cyber Security– This is How CISOs Should Prepare

The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. Cynet has revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. In light o...

Download The Ultimate ‘Security for Management’ Presentation Template

There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build, maintain and continuously enhance the security level of the organization. Title-wise, this person is most often either the CIO, CISO or...

Engage Your Management with the Definitive 'Security for Management' Presentation Template

In every organization, there is a person who's directly accountable for cybersecurity. The name of the role varies per the organization's size and maturity – CISO, CIO, and Director of IT are just a few common examples – but the responsibility is similar in all places. They're the person who...

January 22, 2018 – Morning Cyber Coffee Headlines – “NFL” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! January 22, 2018 - Headlines Carbon Black in the News: Strategic Cyber Ventures...

The CIS Critical Controls Explained- Control 8: Malware Defenses

This is a continuation of our CIS critical security controls blog series. Workstations form the biggest threat surface in any organization. The CIS Critical Security Controls include workstation and user-focused endpoint security in several of the controls, but Control 8 Malware Defenses is the...

Please make sure you have offline backups

This ransomware has hit not only personal computers, but also organizations, including a town in New Hampshire. This particular attack was carried out when an employee opened a seemingly legitimate email attachment, once again reminding us of the ever-present danger of social engineering...

Security Best Practice: Domains Block List Protection - Blocking LogMeIn

LogMeIn is a remote control application that provides access to any Windows PC from anywhere in the world. It only requires a computer connected to the Internet. The user can remotely access a target computer and have a full desktop view and complete control of everything on it, including: Remote...