39 matches found
Payment apps are watching what you say (Lock and Code S07E11)
This week on the Lock and Code podcast … In the United States today, you can have your bank account closed, your credit cards cancelled, and your online payments revoked for any number of crimes, like funding terrorism, engaging in money laundering, or violating sanctions. Sensible, right? Well,...
Integrating Log-Based Security Analytics in Agile Workflows: A Real-World Experience Report
Modern organizations increasingly rely on log data and monitoring signals to protect products against account takeovers and abuse, yet integrating security analytics into fast-moving Agile workflows remains challenging. While it is important to understand how security practices are developed and...
S3C2 SICP Summit 2025-06: Vulnerability Response Summit
Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing significant damage to businesses and organizations. The US and EU governments and industry are equally interested in enhancing software security, including supply chain and...
The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently
Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably "yes" — and many leaders may not even realize it. This disconnect matters. Small differences in perception today can evolve into major blin...
Mapping Quantum Threats: An Engineering Inventory of Cryptographic Dependencies
The emergence of large-scale quantum computers, powered by algorithms like Shor's and Grover's, poses an existential threat to modern public-key cryptography. This vulnerability stems from the ability of these machines to efficiently solve the hard mathematical problems - such as integer...
Reproducing a Security Risk Assessment Using Computer Aided Design
Security risk assessment is essential in establishing the trustworthiness and reliability of modern systems. While various security risk assessment approaches exist, prevalent applications are "pen and paper" implementations that -- even if performed digitally using computers -- remain prone to...
Establishing a Baseline of Software Supply Chain Security Task Adoption by Software Organizations
Software supply chain attacks have increased exponentially since 2020. The primary attack vectors for supply chain attacks are through: 1 software components; 2 the build infrastructure; and 3 humans a.k.a software practitioners. Software supply chain risk management frameworks provide a list of...
Connect with the security community at Microsoft Ignite 2025
In today’s AI-powered world, security professionals are facing unprecedented challenges—and opportunities. As generative AI reshapes the digital landscape, the need for robust, intelligent, and adaptive security strategies has never been more urgent. At Microsoft Ignite 2025, we will showcase...
Clean Code in Practice: Challenges and Opportunities
Reliability prediction is crucial for ensuring the safety and security of software systems, especially in the context of industry practices. While various metrics and measurements are employed to assess software reliability, the complexity of modern systems necessitates a deeper understanding of...
New whitepaper outlines the taxonomy of failure modes in AI agents
We are releasing a taxonomy of failure modes in AI agents to help security professionals and machine learning engineers think through how AI systems can fail and design them with safety and security in mind. The taxonomy continues Microsoft AI Red Team's work to lead the creation of systematizati...
ASB-A-381773175
Bulletin has no description...
How to Plan and Prepare for Penetration Testing
As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting BGH cyber criminals, a...
Subscription Health Dashboard Update: Optimize Deployments and Identify Issues
For VM teams navigating the complex realm of cybersecurity tools, ensuring deployment health is paramount. Swift methods are required to pinpoint issues amidst complexity. Challenges such as duplicate entries, ghost hosts, and decommissioned devices can obstruct these views, hindering data...
See a Sneak Peek of Tuesday’s Take Command Summit
In just a few short days, some of the best minds in cybersecurity will come together at Take Command to discuss the most pressing challenges and opportunities we face as an industry. The sessions include in-depth discussions on attacker trends and behaviors, a look into the Rapid7 SOC, top guest...
Wallarm Webinar: NIST CSF 2.0, API Security, and CISO Imperatives
Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework CSF. It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to...
3 Ways to Apply a Risk-Based Approach to Threat Detection, Investigation, and Response: Gartner® Report
In an ongoing effort to help security organizations gain greater visibility into risk, we’re pleased to offer this complimentary Gartner® report, 3 Ways to Apply a Risk-Based Approach to Threat Detection, Investigation, and Response. This insightful research can help a security organization reali...
Join us at InfoSec Jupyterthon 2022
Notebooks are gaining popularity in InfoSec. Used interactively for investigations and hunting or as scheduled processing jobs, notebooks offer plenty of advantages over traditional security operations center SOC tools. Sitting somewhere between scripting/macros and a full-blown development...
Join us at InfoSec Jupyterthon 2022
Notebooks are gaining popularity in InfoSec. Used interactively for investigations and hunting or as scheduled processing jobs, notebooks offer plenty of advantages over traditional security operations center SOC tools. Sitting somewhere between scripting/macros and a full-blown development...
Unsung Security Superheroes: You’re Now Sung
Get your copy of Rapid7’s first comic: XDR vs. Exploito. Available now! We’re all more connected than ever, and security practitioners keep everyone – governments, organizations, businesses, and 4.95 billion people – as safe as they can be. “XDR vs Exploito” isn’t “Dr. Strange and the Multiverse ...
Is it Easier to Turn Cloud Professionals into Security Practitioners or Vice Versa?
Insights into the cybersecurity skills gap In a poll taken at a recent Imperva webinar, What’s New in ‘22? Cybersecurity Trends and Predictions, participants said it’s easier to turn security practitioners into cloud professionals by a margin of 65-35. Three Directors in Imperva’s Office of the C...