CISA, FBI Warn of Threats Exploiting Buffer Overflow Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a new Secure by Design Alert warning about the risks posed by buffer overflow vulnerabilities in software. The alert, titled “Eliminating Buffer Overflow Vulnerabilities,” highlights the need for secure software development practices to prevent …
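As an added illustration (not code from the CISA/FBI alert or from this article), the pattern the alert is aimed at: a parser that trusts an attacker-controlled length field and copies into a fixed-size buffer, beside a version that checks the length against both the destination capacity and the bytes actually received before copying. The one-byte-length wire format, the `payload_t` type and the function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed message format (an assumption for this example, not a real protocol):
 * byte 0 = payload length, bytes 1..n = payload. */
#define MAX_PAYLOAD 32

typedef struct {
    uint8_t data[MAX_PAYLOAD];
    size_t len;
} payload_t;

/* Vulnerable: trusts the length byte. A length above MAX_PAYLOAD overruns
 * p->data (out-of-bounds write, CWE-787); a length larger than the bytes actually
 * received over-reads the input (CWE-125). Never call this on untrusted data. */
int parse_unsafe(const uint8_t *msg, size_t msglen, payload_t *p) {
    if (msglen < 1) return -1;
    size_t n = msg[0];
    memcpy(p->data, msg + 1, n);   /* no bound against sizeof p->data or msglen */
    p->len = n;
    return 0;
}

/* Hardened: the length is validated against both the destination capacity and the
 * bytes available before any copy happens; bad input is rejected, not silently truncated. */
int parse_safe(const uint8_t *msg, size_t msglen, payload_t *p) {
    if (msglen < 1) return -1;           /* no length byte at all */
    size_t n = msg[0];
    if (n > sizeof p->data) return -2;   /* would write past the end of p->data */
    if (n > msglen - 1) return -3;       /* would read past the end of the input */
    memcpy(p->data, msg + 1, n);
    p->len = n;
    return 0;
}

int main(void) {
    payload_t p;
    /* Constructed inputs: one well-formed, one oversized, one shorter than it claims. */
    const uint8_t good[] = {5, 'h', 'e', 'l', 'l', 'o'};
    uint8_t hostile[256];
    memset(hostile, 'A', sizeof hostile);
    hostile[0] = 200;                                  /* claims 200 bytes of payload */
    const uint8_t short_msg[] = {10, 'a', 'b', 'c'};   /* claims 10, carries 3 */

    printf("good:      safe=%d\n", parse_safe(good, sizeof good, &p));
    printf("hostile:   safe=%d\n", parse_safe(hostile, sizeof hostile, &p));
    printf("short_msg: safe=%d\n", parse_safe(short_msg, sizeof short_msg, &p));
    /* parse_unsafe(hostile, ...) would write 168 bytes past p->data; it is not run here. */
    return 0;
}
```

The two functions differ only in the two checks, which is the point: the unsafe copy is not "wrong" for well-formed input, it is wrong for input the other side controls. Rejecting rather than truncating keeps the failure visible to the caller instead of turning it into a silent data-integrity bug.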

Inside the Söze Syndicate: MFA Flaws, and the Battle for SMB Security

Small and medium-sized businesses are highly vulnerable to Business Email Compromise (BEC) attacks. Threat actors are evolving, exploiting human error and trust while leveraging automation tools and AI. To shed light on this evolving threat, Information Security Buzz spoke with David Langlands, Todyl’s Chief Security Officer, to discuss the notorious …

Ransomware Payments Fall 35%

Ransomware payments decreased by 35.82% year-over-year (YoY) in 2024, research from Chainalysis has revealed. The blockchain analytics company attributes much of this decrease to increased law enforcement actions, improved international collaboration, and a growing refusal of victims to pay. While, throughout 2024, less than half of recorded incidents resulted in …

UK and US refuse to sign international AI declaration

The UK and the US have opted not to sign an international agreement on artificial intelligence (AI) at a global summit held in Paris. The declaration, endorsed by multiple countries including France, China, and India, commits to an “open,” “inclusive,” and “ethical” approach to AI development. The UK government issued a brief …

Securing the Endpoint: Automating Security and Identity Management for Better Digital Experiences

As IT environments grow increasingly complex, the necessity for advanced security measures at the endpoint level has never been more critical. This year will bring a wave of new challenges and opportunities in cybersecurity. Two prominent trends that will shape the future of enterprise security are the shift toward biometrics …

Bad Actors Target DeepSeek in LLMJacking Attacks

Cybercriminals are rapidly evolving their tactics for exploiting large language models (LLMs), with recent evidence showing a surge in LLMjacking incidents. Since Sysdig TRT first discovered LLMjacking in May 2024, it says attackers have continuously adapted, targeting new models such as DeepSeek and monetizing stolen credentials through proxy services. The …

Black Duck Report: Inventory, Automation, and Endorsement

Organizations are increasingly prioritizing compliance due to recent regulatory requirements, such as the US government’s requirements for software sold to federal agencies and the EU’s Digital Operational Resilience Act (DORA). This was one of the findings of the Black Duck “Building Security in Maturity Model” (BSIMM) …

The Next Y2K? How Past IT Challenges Shape Modern Cybersecurity

The software industry is full of surprises. From development to user experience, it's a vast avenue of innovation, problem-solving, and security hurdles, driving toward a better and more reliable digital landscape for everyone. We spoke with Paul Davis, Field CISO at JFrog, on some interesting topics such as Generative AI, preparing for …

Sectigo Debuts Post-Quantum Cryptography Testing Platform with Crypto4A

Sectigo has introduced Sectigo PQC Labs, a testing platform developed in collaboration with Crypto4A, a provider of quantum-safe Hardware Security Modules (HSMs). The platform aims to help companies prepare for the transition to post-quantum cryptography (PQC) by offering a secure environment to test, validate, and implement quantum-resistant cryptographic certificates. Start …