Lethal Weapon 5: SecOps
This blog discusses SecOps, what it represents and its benefits.
This blog discusses SecOps, what it represents and its benefits.
In his post, most important security mechanisms deployed in android platform is described.
The blog discusses the definition of phishing and the most popular three sophisticated phishing attacks.
Which one do you prefer, traditional or electronic voting? If your preference is the latter one, read this post to know the requirements and potential threats of electronic voting.
Is ”a bunch of IOCs named for marketing” a CTI? or ”we did an IR response against a top tier APT, here are the only things the lawyer will let us say” a CTI? or ”this is a new threat; we have some generic and entirely impractical mitigation advice” a CTI? Or all of them plus many other definitions of CTI construct CTI? Is CTI a mythical animal like Pegasus, i.e., a horse with wings? This blog will briefly discuss about CTI and how today’s CTI is still evolving. Why it is good or not to share CTI and why systems thinking is very important to Cyber Security and CTI is a good helper to achieve this. Hopefully, someday we can say that CTI can help us going far together in Cyber Security.
This post highlights the increase in cyber-attacks in the past few years. It discusses the various ways and strategies followed by malicious attackers to take control over the system. Also exposing that due to COVID19-pandemic, how everything has changed with number of attacks increased many-fold due to work from home facility. In addition, Internet-of-Things (IoT) devices have made it more critical for cybersecurity providers to secure IoT environments.
Hey! Are you using social media (Twitter, Facebook, Instagram, YouTube)? Are you aware of cyberattacks (data breach, phishing, SIM swap, disinformation) on social media and their impact? If not, this blog makes you aware of these attacks. This blog provides an overview of the rising cyberattacks on/via social media and their impacts.
This post is for companies who are dealing with the personal data of users for business purposes. As we know, data has become an integral part of almost every industry, such as social media, healthcare, e-commerce, and government. With the advancements in digital technology and the proliferation of online services, data is growing at a tremendous pace.
Are you struggling to keep up the security pace of your organization? If so, this article is for you! In today's era of rising global cybersecurity threats, Social engineering tests can prove beneficial for companies to stress-test their weakest links and resolve any underlying issues to avoid security breaches. One of the practical techniques is penetration testing (also known as "pen testing").
Unlike humans, deep supervised algorithms and machine learning techniques require several objects to learn. A child usually needs to perceive just a few examples of an object or even only one before recognizing it for life. By displaying photos of a horse and eagle and telling the child there is a magical creature in between called a unicorn, they can recognize it anywhere they see it. The question is, how can we program AI to be the same? A couple of MIT researchers proposed a distillation technique that synthesizes a small number of data points that do not need to come from the correct data distribution. Their experimental result illustrated that their model could compress 60,000 MNIST training images into only 10 images (one per class).
"mizaru, kikazaru, iwazaru" (see not, hear not, speak not). What can we learn from "see no evil, hear no evil, speak no evil" in the realm of cyber security? In cyber security we do need to see evil, to hear evil, and to speak about evil which can be facilitated by an approach coined as Situation awareness (SA). In SA, we "see and hear" the environment within a context of time and space, then we "speak" about their meaning and the projection in the future. Therefore, systems thinking is very important in cyber security. This blog will discuss how today's endpoint security, network security, threat information sharing, orchestration, and automation of cyber security are still evolving. By considering the current situation, it is good enough for us to say that cyber security is indeed a shared responsibility. It is indeed a "We" in wellness not an "I" in illness.
Crime detection using Artificial Intelligence (AI) approaches, especially Machine Learning (ML) techniques have attracted a lot of attention in both academic research and industry practices. However, the inability of humans to understand how some of these models arrive at their decision is raising a lot of ethical issues. In addition, data protection laws such as the General Data Protection Regulation (GDPR) has empowered data subjects to be entitled to an explanation of automated decisions impacting them and the right to challenge such decisions. Thanks to Explainable AI, an active area of research aimed at ensuring transparency in the use of AI and ML. This article explores the potentials and biases of AI and ML and highlights interpretability methods and libraries that can be leveraged in rooting out inequality in the application of automated decision-making in risk profiling and behavioral analytics as it relates to criminal justice and financial crime prediction.
The research community from different disciplines is studying the dissemination, detection, and mitigation of fake news, however, it remains challenging to detect and prevent the dissemination of fake news in practice. In this blog, we will share few useful tips that can help in identifying fake news articles.
If you are searching the term “artificial intelligence” on Google or you ended up on this particular blog, or commuted to work using Amazon, yes you made use of Artificial Intelligence.
As with all networked computing devices, increased connectivity often results in a heightened risk of a cybersecurity attack. Vehicles are currently being developed and sold with increasing levels of connectivity and automation. After all, people’s lives depend on the proper functioning of the system.
Due to IoT ecosystem's complexity, no single technology can deliver a complete IoT solution on its own. From connectivity, sensors, and gateways to the cloud and application systems, an IoT architecture is composed of various components working in concert with each other. As a global partnership project, oneM2M develops standard specifications that cover requirements, architecture, security solutions, and interoperability for machine-to-machine (M2M) and IoT technologies. oneM2M is a service layer platform to support end-to-end IoT services including M2M communications by developing technical specifications. In this blog, we introduce oneM2M and its service layer functions.
Abstract- The MITRE ATT&CK framework is a comprehensive matrix of tactics and techniques used by adversaries to compromise information technology (IT) and operational technology (OT) systems. This framework is used by security engineers to develop analytics to detect possible adversary behaviors. ATT&CK became the practical tool both for the adversary emulation team to plan events and for the detection team to verify their progress. In this blog, brief descriptions of the adversarial tactics used by malicious cyber actors in the IT and OT systems are provided.
The goal of Distributed Denial of Service (DDoS) attacks is to disrupt the normal traffic of a target network/server by overloading the target with a large volume of malicious traffic. In this blog, we provide descriptions of a wide variety of DDoS attacks categorized into two broad groups of reflection-based and exploitation-based attacks.
With the increase usage of smartphones, stalkers found new way to abuse their victims by stealing their online freedom. Usually, this is done by stalkerware apps which are a growing concern in domestic violence. In the recent past, these apps have come with disturbing and dangerous implications as they easily installed without victim's knowledge.
The static nature of the existing state-of-the-art computing systems provides asymmetric advantages to attackers that make them easy for reconnaissance, plan and launch attacks. The concept of Moving Target Defense (MTD) is to dynamically change the attack surface to increase uncertainty and confuse the attackers by invalidating their intelligence collected during the reconnaissance and it significantly reduces the attack success.
This blog describes how digital forensic techniques and tools enable defenders to detect cyberattacks and identify defensive approaches to prevent the similar attacks in future.
Small-scale IT providers are a bit hesitant to be thorough on cybersecurity implementations due to cost. This blog provides a brief insight on what might happen consequently.
Organizations often outsource some of their services to third-party vendors for handling their business-critical data. With some of your most valuable data assets stored with third-party organizations, security becomes a major concern. As a service organization, you would want to know whether the security controls implemented are the best practices to safeguard your customer’s data. You would also want to ensure that your third-party vendor is Compliant with various industry standards. This is when a SOC1 Audit comes into the picture. SOC1 Audit plays a key role in ensuring whether or not a company is compliant with the set security standards and has in place necessary controls. This blog covers the top 5 reasons why a data center should consider or rather need a SOC1 Audit. But before delving in, let us first understand what a SOC1 Audit is.
As 5G standards continue to evolve, all relevant stakeholders including research institutions should be involved in the 5G technology rollout process and the 6G development initiative to ensure the security of billions of IoT devices and systems. This also applies to the development of emergent networks which will have big implications for government and industry solutions in terms of public safety and critical asset protection.