This blog highlights the cybersecurity risks of Distributed Energy Resources (DER) like wind and solar power. It discusses vulnerabilities in communication networks, focusing on a data integrity attack targeting offshore wind farms, which can destabilize grids and cause economic losses. The blog emphasizes the urgent need for enhanced security in DER systems to protect modern energy infrastructure.
This blog explores the CrossBarking exploit, a newly discovered attack targeting Opera's private APIs. It delves into how attackers use malicious Chrome extensions to inject harmful scripts, manipulate browser settings, and pair the exploit with XSS attacks for greater impact. Defensive measures, including stricter API permissions and enhanced extension vetting, are also discussed to help mitigate such threats.
This blog explores the evolving landscape of cryptography, comparing traditional libraries like OpenSSL and libsodium with emerging quantum-resistant solutions such as CRYSTALS-Kyber and PQClean. It highlights their features, performance, and security to help developers navigate immediate and future data protection needs in an era of advancing quantum computing.
The blog highlights the growing quantum computing threat to traditional encryption, the importance of cryptographic agility, and the adoption of hybrid approaches. It explores NIST standards, quantum-safe strategies, and practical steps to secure digital assets for the future.
The blog introduces honeypots—decoy systems used in cybersecurity to lure attackers and gather threat intelligence. It explains their role in identifying attack patterns, tools, and vulnerabilities, while protecting real systems. A step-by-step guide to setting up a honeypot with tools like Cowrie, VirtualBox, and Kali Linux is provided, along with tips for further exploration.
Quantum computing is no longer just a thing of sci-fi movies or distant tech dreams. It’s becoming real—fast! And while that’s super exciting for fields like science and medicine, it’s a bit of a nightmare for cybersecurity. Quantum computers will be so powerful that they’ll be able to crack the encryption we rely on today, which means everything from online banking to secure communication could be at risk. But don’t panic! This is where post-quantum cryptography (PQC) comes in, and the process of shifting to quantum-safe encryption is called post-quantum migration. Let’s break down what it is, why you should care, and what needs to happen to keep our digital world safe.
Modern CPUs integrate various advanced architectures and features to maximize performance and efficiency, but these advancements also introduce potential security vulnerabilities. Two major vulnerabilities recently discovered in Intel and AMD CPUs are Intel's RAPL interface vulnerability and AMD's Sinkclose vulnerability. Both vulnerabilities pose risks of sensitive data being extracted by attackers.
Graph Neural Networks (GNNs) have emerged as a cutting-edge tool in malware detection, offering a more robust approach than traditional techniques such as random walks or factorization.
A routine update gone wrong – CrowdStrike’s Falcon platform update triggered widespread system crashes and business disruptions.
Cyberbullying on social media is a growing crisis that significantly impacts teens' mental health, leaving many feeling isolated and distressed. Addressing this issue calls for a proactive, empathetic approach that encourages positive online interactions and builds safer digital environments for young people.
The use of recent disruptive technologies such as blockchain networks, cloud computing infrastructure and machine learning has made the supply chains more effective and efficient, but exposed them to different cyber vulnerabilities. Securing modern supply chains has become an essential, but a complicated task, with attacks such as SolarWinds.
Malware packers obscure malicious code, helping it evade detection by compressing or encrypting files. This blog covers types of packers, their uses, and effective methods for identifying and unpacking hidden threats.
This blog discusses SecOps, what it represents and its benefits.
In his post, most important security mechanisms deployed in android platform is described.
The blog discusses the definition of phishing and the most popular three sophisticated phishing attacks.
Which one do you prefer, traditional or electronic voting? If your preference is the latter one, read this post to know the requirements and potential threats of electronic voting.
Is ”a bunch of IOCs named for marketing” a CTI? or ”we did an IR response against a top tier APT, here are the only things the lawyer will let us say” a CTI? or ”this is a new threat; we have some generic and entirely impractical mitigation advice” a CTI? Or all of them plus many other definitions of CTI construct CTI? Is CTI a mythical animal like Pegasus, i.e., a horse with wings?
This blog will briefly discuss about CTI and how today’s CTI is still evolving. Why it is good or not to share CTI and why systems thinking is very important to Cyber Security and CTI is a good helper to achieve this. Hopefully, someday we can say that CTI can help us going far together in Cyber Security.
This post highlights the increase in cyber-attacks in the past few years. It discusses the various ways and strategies followed by malicious attackers to take control over the system. Also exposing that due to COVID19-pandemic, how everything has changed with number of attacks increased many-fold due to work from home facility. In addition, Internet-of-Things (IoT) devices have made it more critical for cybersecurity providers to secure IoT environments.
Hey! Are you using social media (Twitter, Facebook, Instagram, YouTube)? Are you aware of cyberattacks (data breach, phishing, SIM swap, disinformation) on social media and their impact? If not, this blog makes you aware of these attacks. This blog provides an overview of the rising cyberattacks on/via social media and their impacts.
This post is for companies who are dealing with the personal data of users for business purposes. As we know, data has become an integral part of almost every industry, such as social media, healthcare, e-commerce, and government. With the advancements in digital technology and the proliferation of online services, data is growing at a tremendous pace.
Are you struggling to keep up the security pace of your organization? If so, this article is for you! In today's era of rising global cybersecurity threats, Social engineering tests can prove beneficial for companies to stress-test their weakest links and resolve any underlying issues to avoid security breaches. One of the practical techniques is penetration testing (also known as "pen testing").
Unlike humans, deep supervised algorithms and machine learning techniques require several objects to learn. A child usually needs to perceive just a few examples of an object or even only one before recognizing it for life. By displaying photos of a horse and eagle and telling the child there is a magical creature in between called a unicorn, they can recognize it anywhere they see it. The question is, how can we program AI to be the same? A couple of MIT researchers proposed a distillation technique that synthesizes a small number of data points that do not need to come from the correct data distribution. Their experimental result illustrated that their model could compress 60,000 MNIST training images into only 10 images (one per class).
"mizaru, kikazaru, iwazaru" (see not, hear not, speak not). What can we learn from "see no evil, hear no evil, speak no evil" in the realm of cyber security? In cyber security we do need to see evil, to hear evil, and to speak about evil which can be facilitated by an approach coined as Situation awareness (SA). In SA, we "see and hear" the environment within a context of time and space, then we "speak" about their meaning and the projection in the future. Therefore, systems thinking is very important in cyber security. This blog will discuss how today's endpoint security, network security, threat information sharing, orchestration, and automation of cyber security are still evolving. By considering the current situation, it is good enough for us to say that cyber security is indeed a shared responsibility. It is indeed a "We" in wellness not an "I" in illness.
Crime detection using Artificial Intelligence (AI) approaches, especially Machine Learning (ML) techniques have attracted a lot of attention in both academic research and industry practices. However, the inability of humans to understand how some of these models arrive at their decision is raising a lot of ethical issues. In addition, data protection laws such as the General Data Protection Regulation (GDPR) has empowered data subjects to be entitled to an explanation of automated decisions impacting them and the right to challenge such decisions. Thanks to Explainable AI, an active area of research aimed at ensuring transparency in the use of AI and ML. This article explores the potentials and biases of AI and ML and highlights interpretability methods and libraries that can be leveraged in rooting out inequality in the application of automated decision-making in risk profiling and behavioral analytics as it relates to criminal justice and financial crime prediction.
The research community from different disciplines is studying the dissemination, detection, and mitigation of fake news, however, it remains challenging to detect and prevent the dissemination of fake news in practice. In this blog, we will share few useful tips that can help in identifying fake news articles.
If you are searching the term “artificial intelligence” on Google or you ended up on this particular blog, or commuted to work using Amazon, yes you made use of Artificial Intelligence.
As with all networked computing devices, increased connectivity often results in a heightened risk of a cybersecurity attack. Vehicles are currently being developed and sold with increasing levels of connectivity and automation. After all, people’s lives depend on the proper functioning of the system[1].
Due to IoT ecosystem's complexity, no single technology can deliver a complete IoT solution on its own. From connectivity, sensors, and gateways to the cloud and application systems, an IoT architecture is composed of various components working in concert with each other. As a global partnership project, oneM2M develops standard specifications that cover requirements, architecture, security solutions, and interoperability for machine-to-machine (M2M) and IoT technologies. oneM2M is a service layer platform to support end-to-end IoT services including M2M communications by developing technical specifications. In this blog, we introduce oneM2M and its service layer functions.
Abstract- The MITRE ATT&CK framework is a comprehensive matrix of tactics and techniques used by adversaries to compromise information technology (IT) and operational technology (OT) systems. This framework is used by security engineers to develop analytics to detect possible adversary behaviors. ATT&CK became the practical tool both for the adversary emulation team to plan events and for the detection team to verify their progress. In this blog, brief descriptions of the adversarial tactics used by malicious cyber actors in the IT and OT systems are provided.
The goal of Distributed Denial of Service (DDoS) attacks is to disrupt the normal traffic of a target network/server by overloading the target with a large volume of malicious traffic. In this blog, we provide descriptions of a wide variety of DDoS attacks categorized into two broad groups of reflection-based and exploitation-based attacks.
With the increase usage of smartphones, stalkers found new way to abuse their victims by stealing their online freedom. Usually, this is done by stalkerware apps which are a growing concern in domestic violence. In the recent past, these apps have come with disturbing and dangerous implications as they easily installed without victim's knowledge.
The static nature of the existing state-of-the-art computing systems provides asymmetric advantages to attackers that make them easy for reconnaissance, plan and launch attacks. The concept of Moving Target Defense (MTD) is to dynamically change the attack surface to increase uncertainty and confuse the attackers by invalidating their intelligence collected during the reconnaissance and it significantly reduces the attack success.
This blog describes how digital forensic techniques and tools enable defenders to detect cyberattacks and identify defensive approaches to prevent the similar attacks in future.
Small-scale IT providers are a bit hesitant to be thorough on cybersecurity implementations due to cost. This blog provides a brief insight on what might happen consequently.
Organizations often outsource some of their services to third-party vendors for handling their business-critical data. With some of your most valuable data assets stored with third-party organizations, security becomes a major concern. As a service organization, you would want to know whether the security controls implemented are the best practices to safeguard your customer’s data. You would also want to ensure that your third-party vendor is Compliant with various industry standards. This is when a SOC1 Audit comes into the picture. SOC1 Audit plays a key role in ensuring whether or not a company is compliant with the set security standards and has in place necessary controls. This blog covers the top 5 reasons why a data center should consider or rather need a SOC1 Audit. But before delving in, let us first understand what a SOC1 Audit is.
As 5G standards continue to evolve, all relevant stakeholders including research institutions should be involved in the 5G technology rollout process and the 6G development initiative to ensure the security of billions of IoT devices and systems. This also applies to the development of emergent networks which will have big implications for government and industry solutions in terms of public safety and critical asset protection.