Heimdallr: Characterizing and Detecting LLM-Induced Security Risks in GitHub CI Workflows

GitHub Continuous Integration CI workflows increasingly integrate Large Language Models LLMs to automate review, triage, content generation, and repository maintenance. This creates a new attack surface: externally controllable workflow inputs can shape LLM prompts and outputs, which may in turn...

A Survey of Security Challenges and Solutions for Advanced Air Mobility and EVTOL Aircraft

This survey reviews the existing and envisioned security vulnerabilities and defense mechanisms relevant to Advanced Air Mobility AAM systems, with a focus on electric vertical takeoff and landing eVTOL aircraft. Drawing from vulnerabilities in the avionics in commercial aviation and the automate...

The CISO’s Top Priority: Elevating Data-Centric Security

The shift to cloud computing has enhanced the resilience and security of most organizations. In this era of unparalleled agility and scalability, data-centric security can offer transformational opportunities for Chief Information Security Officers CISOs to improve data protection, compliance, an...

Holiday Shopping Season is Upon Us: The State of Security Within eCommerce in 2021

The eCommerce industry has gone through years worth of changes in a matter of just a mere couple of months as the global pandemic emerged back in March of 2020. These changes have led to skyrocketing growth for the industry, with sales predicted to hit $4.921 trillion by the end of this year. And...

Coursera Flunks API Test in Researchers’ Security Exam

Researchers have discovered multiple application programming interface API issues in Coursera, the online learning platform used by 82 million learners and hundreds of Fortune 500 companies. On Thursday, the Checkmarx Security Research Team published a report on its findings, which included user...

XDR Needs Network Data and Here’s Why

As we’ve discussed in previous blogs, XDR is a better way to detect attacks within a network since it is able to coordinate and collaborate threat intelligence and data across multiple threat vectors, including endpoint including mobile and IIoT, server, network, messaging, web, and cloud. In thi...

Recommendations for deploying the latest Attack surface reduction rules for maximum impact

The keystone to good security hygiene is limiting your attack surface. Attack surface reduction is a technique to remove or constrain exploitable behaviors in your systems. In this blog, we discuss the two attack surface reduction rules introduced in the most recent release of Windows and cover...

ThreatList: Half of Execs Feel Unprepared to Respond to a Cyber-Incident

Nearly half 46 percent of executives in a Deloitte poll say their organizations have experienced a cybersecurity incident over the past year — and that they’re still no closer to being ready for the next event. The survey, of more than 3,150 professionals taken during a Deloitte Dbriefs webcast o...

ARE YOU LEAVING YOUR SECURITY BACKDOOR OPEN?

Gartner predicts that enterprises will spend $96 Billion on cyber security this year, up 8% from their spend in 2017. That's a big chunk of change. To put it into context, that spend is in the same ballpark as the individual GDPs of Venezuela, Sri Lanka and Puerto Rico in 2018. Despite this,...

Layered Security Without the Layered Complexity

With the recent influx of news reports regarding security incidents, more Chief Information Security Officers CISOs, Chief Information Officers CIOs, and IT professionals are reviewing current security infrastructures, policies, and practices to identify potential weaknesses in their security...

[Hook Analyser 3.0] A Freeware Malware Analysis and Cyber Threat Intelligence Software

In terms of improvements, a new module has been added - Cyber Threat Intelligence. Threat Intel module is being created to gather and analyse information related to Cyber Threats and vulnerabilities. The module can be run using HookAnalyser.exe via Option 6 , or can be run directly. The module...