How defenders are experimenting with artificial intelligence
AI dominated conversations at the RSA Security Conference in May, but underneath the hype, some real changes are in the works.
Home is where the hackers are: The dizzying task of securing remote work
Phishing attacks, credential stuffing against corporate cloud services and unpatched vulnerabilities in consumer hardware have all skyrocketed since the COVID pandemic upended work routines. With more employees logging in from home, locking down workers’ security habits and local networks has never mattered so much.
Flawed choices: Developers continue to use vulnerable open-source dependencies
While the open-source ecosystem continues to make progress on securing the production of widely used components, developers need better tools and a security culture to benefit.
Russia-Ukraine cyber conflict splits APT groups, raises threat level
The global cyberthreat landscape has changed since Russia’s invasion of Ukraine but not necessarily in the ways predicted.
AI-powered phishing: Chatbot hazard or hot air?
ChatGPT’s launch last November has captivated the security industry, as the artificially intelligent chatbot’s detailed responses seem ripe for abuse by scammers and cybercriminals. What’s the real threat?
AI code assistants need security training
Multiple studies have found that generative neural networks that produce code also reproduce security vulnerabilities in their datasets.
Top takeaways from ShmooCon: Less moose, more cyberthreats
ShmooCon 2023 has come and gone. Now it’s time to consider what the most laid-back infosec conference of the year — boasting the quirky tagline, “Less Moose Than Ever” — can tell us about the security industry heading into 2023.
SBOMs are billed as a balm for supply chain risks. What’s the holdup?
The fallout of the Log4Shell vulnerability accelerated efforts to require a software bill of materials (SBOM) for the apps, libraries and other digital tools we rely on, but when it comes to generating and using this information, obstacles abound.
Cybercrime is more of a threat than nation-state hackers
Back-to-back security conferences detailed the latest threats posed by malicious nation-states on the one hand and cybercriminals on the other. One takeaway is that cybercrime volumes are more massive and more persistent than the higher-profile advanced persistent threats.
Feds eye virtual reality as the next privacy and security battleground
At the Federal Trade Commission’s annual PrivacyCon this week, a top regulator and outside experts zeroed in on digital risks posed by the nascent virtual reality industry.