A Growing Challenge in Cloud Security In today’s fast-paced digital world, enterprises face a new urgency in cloud security. AI-driven tools have drastically reduced the time it takes to develop exploit kits, from 15 days to under 5. However, enterprise teams often need over 60 days to patch vulnerabilities across varied environments. This leaves a significant gap where … [Read more...] about Cisco and Wiz Unite to Enhance Cloud Security
Security
Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries
A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. "This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network … [Read more...] about Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries
February 2025 Patch Tuesday: Updates and Analysis
Actively Exploited Zero-Day Vulnerability in Windows Ancillary Function Driver for WinSock Windows Ancillary Function Driver for WinSock received a patch for CVE-2025-21418, which has a severity of Important and a CVSS score of 7.8. Windows Ancillary Function Driver for WinSock is primarily responsible for handling network-related functions. This elevation of … [Read more...] about February 2025 Patch Tuesday: Updates and Analysis
Transform Network Security With Cisco Hybrid Mesh Firewall
The need for a robust, and flexible network security architecture has never been more pressing. The distributed nature of modern applications, the complexity of networks, and the explosion of AI applications is preventing progress through complexity. As these hindering complexities shift and grow, our approach to security must evolve to meet them head-on. In the previous … [Read more...] about Transform Network Security With Cisco Hybrid Mesh Firewall
CrowdStrike University Fast Track Fuels Cybersecurity Training
Organizations today battle an ever-evolving cyber threat landscape, yet many security teams struggle to keep pace due to a critical skills gap and limited access to high-quality training. As teams are expected to do more with fewer resources, cybersecurity education is essential. At CrowdStrike, we’re committed to breaking down these barriers. That’s why we’ve reimagined … [Read more...] about CrowdStrike University Fast Track Fuels Cybersecurity Training
Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification
Feb 11, 2025Ravie LakshmananMobile Security / Machine Learning Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content. "Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while … [Read more...] about Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification
From Hyrbid Mesh Firewalls to Universal ZTNA
If you’ve heard it once, you’ve probably heard it a million times: “today’s enterprise environments are becoming more and more complex.” I know it’s something I’ve been known to say a time or two (or a million). Here’s the thing: it’s true. There are several factors at play, but two of the biggest are the increasingly fine-grained composition and distribution of applications … [Read more...] about From Hyrbid Mesh Firewalls to Universal ZTNA
Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
Feb 10, 2025Ravie LakshmananMalware / Payment Security Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites. Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, … [Read more...] about Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Feb 08, 2025Ravie LakshmananArtificial Intelligence / Supply Chain Security Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of … [Read more...] about Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
Feb 07, 2025Ravie LakshmananMobile Security / Artificial Intelligence A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that … [Read more...] about DeepSeek App Transmits Sensitive User and Device Data Without Encryption